CVE-2018-10583 : An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically p

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

Published 2018-05-01 16:29:00

Updated 2020-10-21 13:15:13

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2018-10583

Probability of exploitation activity in the next 30 days: 24.44%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2018-10583

LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator

Disclosure Date: 2018-05-01

First seen: 2020-04-26

auxiliary/fileformat/odt_badodt

Generates a Malicious ODT File which can be used with auxiliary/server/capture/smb or similar to capture hashes. Authors: - Richard Davy - secureyourit.co.uk

More information

CVSS scores for CVE-2018-10583

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2018-10583

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-10583

http://seclists.org/fulldisclosure/2020/Oct/26

Full Disclosure: [RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d@%3Cdev.openoffice.apache.org%3E

CVE-2018-10583 - Pony Mail
https://usn.ubuntu.com/3883-1/

USN-3883-1: LibreOffice vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af@%3Cdev.openoffice.apache.org%3E

Re: CVE-2018-10583 - Pony Mail
https://security-tracker.debian.org/tracker/CVE-2018-10583

CVE-2018-10583
Issue Tracking;Third Party Advisory
http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/

NTLM Credential Theft via malicious ODT Files – secureyourit.co.uk
Exploit;Mitigation;Third Party Advisory
https://www.exploit-db.com/exploits/44564/

LibreOffice/Open Office - '.odt' Information Disclosure
Exploit;Third Party Advisory;VDB Entry
https://lists.apache.org/thread.html/c8fd59ac77b42aac90eb5c59b87f3ab59b5e0c3bfb4819aa649a2909@%3Cdev.openoffice.apache.org%3E

Pony Mail!
https://access.redhat.com/errata/RHSA-2018:3054

RHSA-2018:3054 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2018-10583

Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Apache » Openoffice » Version: 4.1.5
cpe:2.3:a:apache:openoffice:4.1.5:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Libreoffice » Libreoffice » Version: 6.0.3
cpe:2.3:a:libreoffice:libreoffice:6.0.3:*:*:*:*:*:*:*
Matching versions