CVE-2021-25631

Exploit

EPSS 1.7%
Veröffentlicht 03.05.2021 12:15:07
Zuletzt bearbeitet 21.11.2024 05:55:10
Quelle security@documentfoundation.or
CVE-Watchlists
Login
Unerledigt
Login

denylist of executable filename extensions possible to bypass under windows

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libreoffice ≫ Libreoffice Version >= 7.0.0 < 7.0.5

Libreoffice ≫ Libreoffice Version >= 7.1.0 < 7.1.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.7%	0.822

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

https://positive.security/blog/url-open-rce#open-libreoffice

Third Party Advisory

Exploit

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25631

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25631

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25631

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-25631