LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libreoffice | Libreoffice | * | 5.4.5 (excluding) |
Libreoffice | Libreoffice | 6.0.0 (including) | 6.0.0 (including) |
Libreoffice | Libreoffice | 6.0.0-alpha1 (including) | 6.0.0-alpha1 (including) |
Libreoffice | Libreoffice | 6.0.0-beta1 (including) | 6.0.0-beta1 (including) |
Libreoffice | Libreoffice | 6.0.0-beta2 (including) | 6.0.0-beta2 (including) |
Red Hat Enterprise Linux 6 | RedHat | libreoffice-1:4.3.7.2-2.el6_9.2 | * |
Red Hat Enterprise Linux 7 | RedHat | libreoffice-1:5.0.6.2-15.el7_4 | * |
Libreoffice | Ubuntu | artful | * |
Libreoffice | Ubuntu | devel | * |
Libreoffice | Ubuntu | trusty | * |
Libreoffice | Ubuntu | upstream | * |
Libreoffice | Ubuntu | xenial | * |