CVE-2018-10583 PoC — LibreOffice和Apache OpenOffice 信息泄露漏洞

Source

https://github.com/MrTaherAmine/CVE-2018-10583

Associated Vulnerability

Title:LibreOffice和Apache OpenOffice 信息泄露漏洞 (CVE-2018-10583)
Description:LibreOffice和Apache OpenOffice都是开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等软件。前者由文档基金会（The Document Foundation，TDF）开发；后者由美国阿帕奇（Apache）软件基金会开发，OpenOffice Writer是其中的一个文档编辑软件。 LibreOffice 6.0.3版本和Apache OpenOffice Writer 4.1.5版本中存在信息泄露漏洞。攻击者可借助恶意的PDF文件利用该漏洞获取NTLM散列

Description

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by "xlink:href=file://192.168.0.2/test.jpg" within an "office:document-content" element in a ".odt XML document".

Readme

# CVE-2018-10583

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by "xlink:href=file://192.168.0.2/test.jpg" within an "office:document-content" element in a ".odt XML document".


http://bit.ly/2w9mU1n

File Snapshot


 [4.0K]  /data/pocs/7cfd5144d56ef4ba9723732a862493d6b05a5259
├── [7.5K]  44564.py
└── [ 360]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!