Bug 128760 - Our team at Yahoo mail found a critical vulnerability in LibraOffice.
Summary: Our team at Yahoo mail found a critical vulnerability in LibraOffice.
Status: RESOLVED MOVED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
6.2.8.2 release
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-13 00:05 UTC by onadiv
Modified: 2019-11-13 00:31 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description onadiv 2019-11-13 00:05:35 UTC
Description:
I would like to report it to the team at LibreOffice.  Please contact me directly using a valid LibreOffice email address to get more specific information.

Thanks.

Actual Results:
An attacker can read files from the host's machine.

Expected Results:
An attacker does not have access to files on the host's machine.


Reproducible: Always


User Profile Reset: No



Additional Info:
Comment 1 Xisco Faulí 2019-11-13 00:31:54 UTC
Please, write an email to the security team < https://www.libreoffice.org/about-us/security/ > providing all the information on how to reproduce the vulnerability.