https://bugs.documentfoundation.org/show_bug.cgi?id=114878

            Bug ID: 114878
           Summary: Fix "CSV injection" vulnerability
           Product: LibreOffice
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Calc
          Assignee: [email protected]
          Reporter: [email protected]

Description:
A maliciously crafted CSV document leads, in violation of RFC 4180, to remote
code execution.

http://georgemauer.net/2017/10/07/csv-injection.html
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20injection


Steps to Reproduce:
http://georgemauer.net/2017/10/07/csv-injection.html
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/CSV%20injection


Actual Results:  
RCE

Expected Results:
No RCE. Fields must not be interpreted as formulas in such kinds of documents.


Reproducible: Always


User Profile Reset: No



Additional Info:


User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101
Firefox/59.0

_______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
