CVE-2018-6871
Published: 09 February 2018
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
Priority
CVSS 3 base score: 9.8
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
- https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
- https://blog.documentfoundation.org/blog/2018/02/09/early-availability-libreoffice-5-4-5-libreoffice-6-0-1/
- https://usn.ubuntu.com/usn/usn-3579-1
- NVD
- Launchpad
- Debian