CVE-2021-25631
Denylist of executable filename extensions possible to bypass under Windows

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.
We have discovered 135 live websites that are affected by CVE-2021-25631.
Affected Software
| | |
|---|---|
| Product | LibreOffice |
| Category | Content Management System |
| Vulnerable Versions | from 7 before 7.0.5; from 7.1 before 7.1.2 |
| Total Vulnerable Versions | 195 |
| Vulnerable Domains | 135 live websites (4.00% of LibreOffice install base) |
Common Weakness Enumeration
CWE-184 Incomplete List of Disallowed Inputs