CVE-2021-25631
N/A
N/A
Summary
In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Document Foundation | LibreOffice | 7.1 < 7.1.2 | affected |
| The Document Foundation | LibreOffice | 7.0 < 7.0.5 | affected |
Weaknesses
- CWE-184: CWE-184 Incomplete Denylist
ADP Enrichment
CVE Program Container
Additional References
- https://positive.security/blog/url-open-rce#open-libreoffice
- https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
References
- https://positive.security/blog/url-open-rce#open-libreoffice
- https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.