CVE-2021-25631
Summary
| CVE | CVE-2021-25631 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-03 12:15:00 UTC |
| Updated | 2021-05-12 18:58:00 UTC |
| Description | In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Libreoffice | Libreoffice | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-25631 | LibreOffice - Free Office Suite - Based on OpenOffice - Compatible with Microsoft | MISC | www.libreoffice.org | |
| Allow arbitrary URLs, expect arbitrary code execution | Positive Security | MISC | positive.security | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Lukas Euler of Positive Security