CVE-2018-16858

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CVE-2018-16858

FR web forum
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
AOO 4.1.6 seems to be vulnerable too

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: CVE-2018-16858

FR web forum
Well I bump this post because no response till today
This PoC don't work with OpenOffice.
It does not allow to pass parameters to program/python-core-2.7.6/lib/pydoc.py$tempfilepager
But this seems to be possible if you execute a python script from another location on the local file system.
https://www.youtube.com/watch?v=3mzgsh5hc-0


----- Mail original -----

> De: "FR web forum" <[hidden email]>
> À: [hidden email]
> Envoyé: Dimanche 10 Février 2019 18:41:34
> Objet: CVE-2018-16858
>
> https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
> AOO 4.1.6 seems to be vulnerable too
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]