CVE-2021-25631
8.8HIGHIn the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist b
Опубликовано: 5/3/2021Обновлено: 11/21/2024
Описание
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
ИИ-АнализНа базе ИИ
Затронутые продукты
libreofficelibreoffice
libreofficelibreoffice
Ссылки
- https://positive.security/blog/url-open-rce#open-libreofficeExploitThird Party Advisory
- https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/Vendor Advisory
- https://positive.security/blog/url-open-rce#open-libreofficeExploitThird Party Advisory
- https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/Vendor Advisory