CVE-2018-6871

CRITICAL

LibreOffice <5.4.5 & 6.x <6.0.1 - Info Disclosure

Title source: llm

Description

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Exploits (1)

exploitdb WORKING POC
by Mikhail Klementev · remotelinux
https://www.exploit-db.com/exploits/44022

References (8)

Scores

CVSS v3 9.8
EPSS 0.3005
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (19)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
debian/debian_linux 9.0
libreoffice/libreoffice 6.0.0 (4 CPE variants)
libreoffice/libreoffice < 5.4.5
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server 7.0
... and 9 more
Published Feb 09, 2018
Tracked Since Feb 18, 2026