Document Fdn.VULNRICHMENT:CVE-2024-6472CVE-2024-6472 Ability to trust not validated macro signatures removed in high security mode
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the
developer using a cryptographic signature. When a document with a signed
macro is opened a warning is displayed by LibreOffice before the macro
is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
CNA Affected
[
{
"vendor": "The Document Foundation",
"product": "LibreOffice",
"versions": [
{
"status": "affected",
"version": "24.2",
"lessThan": "24.2.5",
"versionType": "24.2 series"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:the_document_foundation:libreoffice:*:*:*:*:*:*:*:*"
],
"vendor": "the_document_foundation",
"product": "libreoffice",
"versions": [
{
"status": "affected",
"version": "24.2",
"lessThan": "24.2.5",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.4%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total