Bug 125686 - Code execution in document without user prompt
Summary: Code execution in document without user prompt
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice
Version (earliest affected): 6.2.4.2 release
Hardware: All All
Importance: medium normal
Assignee: Caolán McNamara
Reported: 2019-06-04 15:03 UTC by Nils Emmerich
Modified: 2019-09-04 11:25 UTC
Description Nils Emmerich 2019-06-04 15:03:08 UTC
Description:
It is possible to get code execution in a document without the user getting a prompt with the highest macro settings

Steps to Reproduce:
Open a specific document I'm not going to attach here

Actual Results:
calc.exe opens

Expected Results:
Showing some sort of error or prompt


Reproducible: Always


User Profile Reset: No



Additional Info:
Version: 6.2.4.2 (x64)
Build ID: 2412653d852ce75f65fbfa83fb7e7b669a126d64
CPU threads: 4; OS: Windows 10.0; UI render: default; VCL: win; 
Locale: en-US (en_US); UI-Language: en-US
Calc: threaded
Comment 1 raal 2019-06-04 16:25:06 UTC
Hello,

Thank you for filing the bug. Please send us a sample document, as this makes it easier for us to verify the bug. 
I have set the bug's status to 'NEEDINFO', so please do change it back to 'UNCONFIRMED' once you have attached a document.
(Please note that the attachment will be public, remove any sensitive information before attaching it.)
How can I eliminate confidential data from a sample document?
https://wiki.documentfoundation.org/QA/FAQ#How_can_I_eliminate_confidential_data_from_a_sample_document.3F
Thank you
Comment 2 raal 2019-06-04 16:35:46 UTC
Maybe security problem: https://www.libreoffice.org/about-us/security/  see Incident Response Procedure
Comment 3 Caolán McNamara 2019-09-04 11:25:02 UTC
Addressed by CVE-2019-9848