Exploit is already available at https://www.exploit-
db.com/exploits/44022/

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1748889

Title:
  [CVE-2018-6871] LibreOffice allows remote attackers to read arbitrary
  files

Status in libreoffice package in Ubuntu:
  New

Bug description:
  CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
  LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via 
=WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE 
function.

  Current version 1:5.1.2-0ubuntu1 in Ubuntu 16.04.3 is confirmed to be
  affected

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: libreoffice-common 1:5.1.6~rc2-0ubuntu1~xenial2
  ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
  Uname: Linux 4.4.0-112-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  CurrentDesktop: GNOME-Flashback:Unity
  Date: Mon Feb 12 14:19:03 2018
  InstallationDate: Installed on 2016-04-22 (661 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 
(20160420.1)
  PackageArchitecture: all
  SourcePackage: libreoffice
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748889/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to