Automatic SMB Connection Initiation in LibreOffice and Apache OpenOffice Writer

Automatic SMB Connection Initiation in LibreOffice and Apache OpenOffice Writer

CVE-2018-10583 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Learn more about our Cis Benchmark Audit For Apache Http Server.