You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@openoffice.apache.org by FR web forum <oo...@free.fr> on 2019/02/10 17:41:34 UTC

CVE-2018-16858

https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
AOO 4.1.6 seems to be vulnerable too

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org

Re: CVE-2018-16858

Posted by FR web forum <oo...@free.fr>.

Well I bump this post because no response till today
This PoC don't work with OpenOffice.
It does not allow to pass parameters to program/python-core-2.7.6/lib/pydoc.py$tempfilepager
But this seems to be possible if you execute a python script from another location on the local file system.
https://www.youtube.com/watch?v=3mzgsh5hc-0


----- Mail original -----
> De: "FR web forum" <oo...@free.fr>
> À: dev@openoffice.apache.org
> Envoyé: Dimanche 10 Février 2019 18:41:34
> Objet: CVE-2018-16858
> 
> https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
> AOO 4.1.6 seems to be vulnerable too
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org