[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

--- Comment #6 from insertscript  ---
ah yeah let me explain that a little bit:

In case an odt file contains a user-controlled macro, which gets executed as
soon as a certain event is triggered (in my example the onmouseover event), a
dialog box is displayed which either blocks this macro or allows it - depending
on the configured macro security settings (the default setting won't execute
custom macros which are stored inside the document structure).

By abusing the path traversal of the vnd.sun.star.script: and specifying
"location=share" as the parameter it is possible to execute code in a shell
(cmd, sh/bash etc. depending on the environment) without triggering any warning
dialog.
Therefore this behavior is bypassing any "macro" protection in place.

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
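
As an added illustration (not part of the bug thread and not LibreOffice code), a triage check that lists script:event-listener entries in an ODT's content.xml whose vnd.sun.star.script: URI contains a traversal segment or points outside the document. The sample document, its script path and the reason labels are constructed for the example; treating every non-"document" location as reviewable is an assumed heuristic.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote

SCRIPT_NS = "urn:oasis:names:tc:opendocument:xmlns:script:1.0"
XLINK_NS = "http://www.w3.org/1999/xlink"
SCHEME = "vnd.sun.star.script:"

def classify(href):
    """Return reasons a script URI needs review (empty list if none)."""
    if not href.lower().startswith(SCHEME):
        return []
    name, _, query = href[len(SCHEME):].partition("?")
    for _ in range(3):  # undo nested percent-encoding such as %252e%252e
        name = unquote(name)
    reasons = []
    if ".." in name.replace("\\", "/").split("/"):
        reasons.append("path-traversal")
    location = parse_qs(query).get("location", ["missing"])[0].lower()
    if location != "document":  # script is not stored inside the document
        reasons.append("non-document-location:" + location)
    return reasons

def scan_odt(data):
    """List (event, reasons) for flagged script:event-listener elements."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as odt:
        # Stdlib parser keeps this offline; use a hardened XML parser in production.
        root = ET.fromstring(odt.read("content.xml"))
    for el in root.iter("{%s}event-listener" % SCRIPT_NS):
        reasons = classify(el.get("{%s}href" % XLINK_NS, ""))
        if reasons:
            event = el.get("{%s}event-name" % SCRIPT_NS, "?")
            findings.append((event, reasons))
    return findings

def build_sample():
    """Constructed sample: one out-of-document and one in-document listener."""
    hrefs = {"dom:mouseover": "../../example_dir/example.py$example_func?language=Python&amp;location=share",
             "dom:click": "Standard.Module1.Main?language=Basic&amp;location=document"}
    body = "".join('<script:event-listener script:event-name="%s" xlink:href="%s%s"/>'
                   % (ev, SCHEME, h) for ev, h in hrefs.items())
    doc = '<d xmlns:script="%s" xmlns:xlink="%s">%s</d>' % (SCRIPT_NS, XLINK_NS, body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", doc)
    return buf.getvalue()
```

Calling `scan_odt(build_sample())` reports only the mouseover listener; the in-document Basic macro, which the macro security settings already govern, is not flagged.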


[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

V Stuart Foote  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Writer                      |sdk
         Resolution|INVALID                     |---
                 CC|                            |caol...@redhat.com
     Ever confirmed|0                           |1
             Status|RESOLVED                    |NEW

--- Comment #5 from V Stuart Foote  ---
So looking at the content.xml the script call is: ""

So what is the issue, that python is calling a system executable? So security?



[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

--- Comment #4 from insertscript  ---
Created attachment 145809
  --> https://bugs.documentfoundation.org/attachment.cgi?id=145809&action=edit
Windows calculator link colored

Just to be sure - this PoC has a colored link so you can see the character.
Again, move your mouse over the link and it should open the Windows calculator.



[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

--- Comment #3 from insertscript  ---
Before you declare this bug as invalid please try the PoC for Windows.
It is as simple as possible and just opens calculator.
After the document is properly loaded just move your mouse over the document
body until calculator is opened.



[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

--- Comment #2 from insertscript  ---
Created attachment 145808
  --> https://bugs.documentfoundation.org/attachment.cgi?id=145808&action=edit
Poc for windows opens calculator



[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

--- Comment #1 from V Stuart Foote  ---
nothing here...



[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

V Stuart Foote  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vstuart.fo...@utsa.edu
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED



[Libreoffice-bugs] [Bug 120675] script:event-listener problems

2018-10-18 Thread bugzilla-daemon
https://bugs.documentfoundation.org/show_bug.cgi?id=120675

Caolán McNamara  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|RCE/Shell command execution |script:event-listener
                   |in LibreOffice/OpenOffice   |problems
                   |via script:event-listener   |
