7.1.1

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

libreoffice

critical

NVD

Published: 2021-05-03

Updated: 2021-05-12

Summary

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Vulnerable Configurations

Part	Description	Count
Application	Libreoffice Libreoffice Libreoffice 7.0.4 Libreoffice Libreoffice 7.1.0 Libreoffice Libreoffice 7.1.1	3

References

https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
https://positive.security/blog/url-open-rce#open-libreoffice