Very High
RCE in LibreOffice and OpenOffice via the Apache UNO API
Add Reference
Description
URL
Type
Very High
(1 user assessed)Low
(1 user assessed)Unknown
Unknown
Unknown
RCE in LibreOffice and OpenOffice via the Apache UNO API
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
LibreOffice and OpenOffice are vulnerable to RCE via the Apache UNO API if either program is running as a listener on the host machine.
Add Assessment
Ratings
-
Attacker ValueVery High
-
ExploitabilityLow
Technical Analysis
Details
The soffice
binary allows passing arguments in order to listen on a host ip and port. Axel Boesenach found that the Apache UNO API that acts as a communication bridge to the soffice
process
can execute shell commands through the XSystemShellExecute
execute module. This exploit is useful in that exploitation comes easy through the usage of a Python library. Discovering targets running
this process are likely rare, given that the functionality exploited here is rarely used, and there is no default port that this service listens on. The effort to exploit this vulnerability was
given a higher rating due to these caveats.
General Information
References
Additional Info
Technical Analysis
Report as Exploited in the Wild
What do we mean by "exploited in the wild"?
By selecting this, you are verifying to the AttackerKB community that either you, or a reputable source (example: a security vendor or researcher), has observed an active attempt by attackers, or IOCs related, to exploit this vulnerability outside of a research environment.
A vulnerability should also be considered "exploited in the wild" if there is a publicly available PoC or exploit (example: in an exploitation framework like Metasploit).