CVE-2021-25631
8.8HIGHIn the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist b
게시됨: 5/3/2021업데이트됨: 11/21/2024
설명
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
AI 분석AI 기반
영향받는 제품
libreofficelibreoffice
libreofficelibreoffice
참조
- https://positive.security/blog/url-open-rce#open-libreofficeExploitThird Party Advisory
- https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/Vendor Advisory
- https://positive.security/blog/url-open-rce#open-libreofficeExploitThird Party Advisory
- https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/Vendor Advisory