CVE-2018-10583

HIGH

LibreOffice 6.0.3 - Apache OpenOffice Writer 4.1.5 - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Exploits (5)

exploitdb WORKING POC
by Richard Davy · pythonlocalwindows
https://www.exploit-db.com/exploits/44564
nomisec WORKING POC 9 stars
by MrTaherAmine · poc
https://github.com/MrTaherAmine/CVE-2018-10583
nomisec WORKING POC 1 stars
by octodi · poc
https://github.com/octodi/CVE-2018-10583
inthewild WORKING POC
poc
https://github.com/taharamine/cve-2018-10583
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/fileformat/odt_badodt.rb

References (9)

Scores

CVSS v3 7.5
EPSS 0.7189
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (10)
apache/openoffice 4.1.5
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
libreoffice/libreoffice 6.0.3
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_workstation 7.0
Published May 01, 2018
Tracked Since Feb 18, 2026