Bug 1203209 - (CVE-2022-3140) VUL-0: CVE-2022-3140: libreoffice: Macro URL arbitrary script execution
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/341760/
Reported: 2022-09-07 11:30 UTC by Robert Frohl
Modified: 2022-12-19 13:16 UTC (History)
Comment 6 Robert Frohl 2022-10-13 09:00:23 UTC
(In reply to Hu from comment #5)
> public:
> https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140/

Announced: October 11, 2022

Fixed in: LibreOffice 7.3.6/7.4.1

Description:

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added.

In the affected versions of LibreOffice, links using that scheme could be constructed to call internal macros with arbitrary arguments, which, when clicked on or activated by document events, could result in arbitrary script execution without warning.

In versions >= 7.3.6 (and >= 7.4.1) such unwanted command URIs are blocked from execution.

Credits:

    TheSecurityDev working with Trend Micro Zero Day Initiative
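A defender-side check for the link scheme named in the advisory above, added here as an example and not part of the advisory, the bug report or LibreOffice's own code: it opens an ODF package (a zip), parses content.xml and styles.xml, and reports every xlink:href that uses the vnd.libreoffice.command scheme. The _build_sample_odt helper and the PLACEHOLDER target are constructed for the demonstration only.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Scheme named in the advisory; URI schemes are case-insensitive,
# so the comparison lower-cases the href first.
BLOCKED_SCHEME = "vnd.libreoffice.command:"


def find_command_uris(odf_bytes: bytes) -> list:
    """Return (member, href) for every link in an ODF package whose
    href uses the vnd.libreoffice.command scheme.

    ODF files are zip containers; hyperlinks live in content.xml (body)
    and can also sit in styles.xml (headers/footers), so both are scanned.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for member in ("content.xml", "styles.xml"):
            if member not in zf.namelist():
                continue
            root = ET.fromstring(zf.read(member))
            for el in root.iter():
                href = el.get(XLINK_HREF)
                if href and href.strip().lower().startswith(BLOCKED_SCHEME):
                    hits.append((member, href))
    return hits


def _build_sample_odt(href: str) -> bytes:
    """Constructed minimal ODF text document with a single text:a link."""
    content = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<office:document-content '
        'xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
        'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
        'xmlns:xlink="http://www.w3.org/1999/xlink">'
        '<office:body><office:text><text:p>'
        f'<text:a xlink:href="{href}">click</text:a>'
        '</text:p></office:text></office:body></office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        zf.writestr("content.xml", content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: an ordinary https link and a command-scheme link
    # with a placeholder target (no real macro is named).
    for link in ("https://example.org/", "vnd.libreoffice.command:PLACEHOLDER"):
        print(link, "->", find_command_uris(_build_sample_odt(link)))
```

The same scan applies unchanged to .ods and .odp packages, since they share the zip layout and the xlink:href attribute.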
Comment 7 Swamp Workflow Management 2022-10-17 19:20:57 UTC
SUSE-SU-2022:3602-1: An update that fixes three vulnerabilities, contains one feature is now available.

Category: security (important)
Bug References: 1201868,1201872,1203209
CVE References: CVE-2022-26305,CVE-2022-26307,CVE-2022-3140
JIRA References: SLE-23448
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    libreoffice-7.3.6.2-48.28.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libreoffice-7.3.6.2-48.28.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-10-19 01:25:14 UTC
SUSE-SU-2022:3650-1: An update that fixes three vulnerabilities, contains one feature is now available.

Category: security (important)
Bug References: 1201868,1201872,1203209
CVE References: CVE-2022-26305,CVE-2022-26307,CVE-2022-3140
JIRA References: SLE-23447
Sources used:
openSUSE Leap 15.4 (src):    libreoffice-7.3.6.2-150300.14.22.24.2
openSUSE Leap 15.3 (src):    libreoffice-7.3.6.2-150300.14.22.24.2
SUSE Linux Enterprise Workstation Extension 15-SP4 (src):    libreoffice-7.3.6.2-150300.14.22.24.2
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    libreoffice-7.3.6.2-150300.14.22.24.2
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src):    libreoffice-7.3.6.2-150300.14.22.24.2
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    libreoffice-7.3.6.2-150300.14.22.24.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.