{"containers": {"cna": {"affected": [{"product": "LibreOffice", "vendor": "Document Foundation", "versions": [{"lessThan": "6.2.7", "status": "affected", "version": "6.2", "versionType": "custom"}, {"lessThan": "6.3.1", "status": "affected", "version": "6.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Thanks to alex (@insertscript) for reporting this issue"}], "datePublic": "2019-09-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."}], "problemTypes": [{"descriptions": [{"description": "Windows 8.3 path equivalence handling flaw", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-22T05:03:53.000Z", "orgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "shortName": "Document Fdn."}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "openSUSE-SU-2019:2361", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Windows 8.3 path equivalence handling flaw allows LibreLogo script execution", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@documentfoundation.org", "DATE_PUBLIC": "2019-09-06T00:00:00.000Z", "ID": "CVE-2019-9855", "STATE": "PUBLIC", "TITLE": "Windows 8.3 path equivalence handling flaw allows LibreLogo script execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LibreOffice", "version": {"version_data": [{"version_affected": "<", "version_name": "6.2", "version_value": "6.2.7"}, {"version_affected": "<", "version_name": "6.3", "version_value": "6.3.1"}]}}]}, "vendor_name": "Document Foundation"}]}}, "credit": [{"lang": "eng", "value": "Thanks to alex (@insertscript) for reporting this issue"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Windows 8.3 path equivalence handling flaw"}]}]}, "references": {"reference_data": [{"name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/", "refsource": "CONFIRM", "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}, {"name": "openSUSE-SU-2019:2183", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "openSUSE-SU-2019:2361", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:01:55.101Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}, {"name": "openSUSE-SU-2019:2183", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"name": "openSUSE-SU-2019:2361", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}]}]}, "cveMetadata": {"assignerOrgId": "4fe7d05b-1353-44cc-8b7a-1e416936dff2", "assignerShortName": "Document Fdn.", "cveId": "CVE-2019-9855", "datePublished": "2019-09-06T18:40:17.271Z", "dateReserved": "2019-03-17T00:00:00.000Z", "dateUpdated": "2024-09-16T18:49:33.756Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C5282A5-6EF5-4458-A35E-F688C6751B37", "versionEndExcluding": "6.2.7", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F9A03CA-E4B2-4935-9E97-A5772DC4DE93", "versionEndExcluding": "6.3.1", "versionStartIncluding": "6.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added to block calling LibreLogo from script event handers. However a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable under Windows that a document could trigger executing LibreLogo via a Windows filename pseudonym. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."}, {"lang": "es", "value": "LibreOffice es com\u00fanmente paquetizado con LibreLogo, un script de gr\u00e1ficos vectoriales turtle programable, que puede ejecutar comandos de python arbitrarios contenidos con el documento desde que es activado. LibreOffice tambi\u00e9n presenta una funcionalidad en la que los documentos pueden especificar que los scripts preinstalados pueden ser ejecutados en varios eventos de script de documentos, tales como mouse-over, etc. La protecci\u00f3n fue agregada para bloquear la llamada a LibreLogo desde los manejadores de eventos de script. Sin embargo, un fallo en el manejo de la equivalencia de ruta de Windows versi\u00f3n 8.3 dej\u00f3 a LibreOffice vulnerable bajo Windows que un documento podr\u00eda desencadenar la ejecuci\u00f3n de LibreLogo por medio del seud\u00f3nimo del nombre de archivo de Windows. Este problema afecta a: Document Foundation LibreOffice versiones 6.2 anteriores a 6.2.7; versiones 6.3 anteriores a 6.3.1."}], "id": "CVE-2019-9855", "lastModified": "2024-11-21T04:52:26.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-06T19:15:12.073", "references": [{"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"source": "security@documentfoundation.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}, {"source": "security@documentfoundation.org", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9855/"}], "sourceIdentifier": "security@documentfoundation.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-417"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}