Well I bump this post because no response till today This PoC don't work with OpenOffice. It does not allow to pass parameters to program/python-core-2.7.6/lib/pydoc.py$tempfilepager But this seems to be possible if you execute a python script from another location on the local file system. https://www.youtube.com/watch?v=3mzgsh5hc-0
----- Mail original ----- > De: "FR web forum" <ooofo...@free.fr> > À: dev@openoffice.apache.org > Envoyé: Dimanche 10 Février 2019 18:41:34 > Objet: CVE-2018-16858 > > https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html > AOO 4.1.6 seems to be vulnerable too > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
