LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libreoffice | Libreoffice | * | 5.4.5 (excluding) |
Libreoffice | Libreoffice | 6.0.0 (including) | 6.0.0 (including) |
Libreoffice | Libreoffice | 6.0.0-alpha1 (including) | 6.0.0-alpha1 (including) |
Libreoffice | Libreoffice | 6.0.0-beta1 (including) | 6.0.0-beta1 (including) |
Libreoffice | Libreoffice | 6.0.0-beta2 (including) | 6.0.0-beta2 (including) |