openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From FR web forum <ooofo...@free.fr>
Subject Re: CVE-2018-16858
Date Mon, 11 Mar 2019 13:57:27 GMT
Well I bump this post because no response till today
This PoC don't work with OpenOffice.
It does not allow to pass parameters to program/python-core-2.7.6/lib/pydoc.py$tempfilepager
But this seems to be possible if you execute a python script from another location on the
local file system.
https://www.youtube.com/watch?v=3mzgsh5hc-0


----- Mail original -----
> De: "FR web forum" <oooforum@free.fr>
> À: dev@openoffice.apache.org
> Envoyé: Dimanche 10 Février 2019 18:41:34
> Objet: CVE-2018-16858
> 
> https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
> AOO 4.1.6 seems to be vulnerable too
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message