CVE-2019-9851

CRITICAL

LibreOffice - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-9851. PoCs published by LoadLow.

AI-analyzed exploit summary This Metasploit module exploits CVE-2019-9851 in LibreOffice by generating a malicious ODT file that executes arbitrary Python code via embedded macros when the document is opened. The exploit leverages the LibreLogo macro functionality to achieve remote code execution.

Description

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

Exploits (1)

exploitdb WORKING POC
by LoadLow · rubyremotemultiple
https://www.exploit-db.com/exploits/47298

This Metasploit module exploits CVE-2019-9851 in LibreOffice by generating a malicious ODT file that executes arbitrary Python code via embedded macros when the document is opened. The exploit leverages the LibreLogo macro functionality to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LibreOffice (versions affected by CVE-2019-9851)
No auth needed
Prerequisites: Target must open the malicious ODT file in a vulnerable version of LibreOffice
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/28
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4501
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4102-1/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html

Scores

CVSS v3 9.8
EPSS 0.8508
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (10)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 29
libreoffice/libreoffice < 6.2.6
opensuse/leap 15.0
opensuse/leap 15.1
Published Aug 15, 2019
Tracked Since Feb 18, 2026