CVE-2024-12426
Description
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.
URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links.
This issue affects LibreOffice: from 24.8 before 24.8.4.
Related News
LibreOffice Vulnerabilities (CVE-2024-12425 & CVE-2024-12426): PoCs Released, Patch ASAP (Cybersecurity News)
Cybersecurity researchers at Codean Labs have discovered two vulnerabilities in LibreOffice, allowing arbitrary file writes and remote data
GitHub Security Advisories
Advisory Details
CVSS Scoring
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Advisory provided by GitHub Security Advisory Database. Published: January 7, 2025, Modified: January 7, 2025