module
LibreOffice Macro Code Execution
| Disclosed | Created |
|---|---|
| Oct 18, 2018 | Apr 22, 2019 |
Disclosed
Oct 18, 2018
Created
Apr 22, 2019
Description
LibreOffice comes bundled with sample macros written in Python and
allows the ability to bind program events to them. A macro can be tied
to a program event by including the script that contains the macro and
the function name to be executed. Additionally, a directory traversal
vulnerability exists in the component that references the Python script
to be executed. This allows a program event to execute functions from Python
scripts relative to the path of the samples macros folder. The pydoc.py script
included with LibreOffice contains the tempfilepager function that passes
arguments to os.system, allowing RCE.
This module generates an ODT file with a mouse over event that
when triggered, will execute arbitrary code.
allows the ability to bind program events to them. A macro can be tied
to a program event by including the script that contains the macro and
the function name to be executed. Additionally, a directory traversal
vulnerability exists in the component that references the Python script
to be executed. This allows a program event to execute functions from Python
scripts relative to the path of the samples macros folder. The pydoc.py script
included with LibreOffice contains the tempfilepager function that passes
arguments to os.system, allowing RCE.
This module generates an ODT file with a mouse over event that
when triggered, will execute arbitrary code.
Authors
Alex Inführ
Shelby Pace
Shelby Pace
Platform
Linux,Windows
Architectures
x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.