Well I bump this post because no response till today This PoC don't work with OpenOffice. It does not allow to pass parameters to program/python-core-2.7.6/lib/pydoc.py$tempfilepager But this seems to be possible if you execute a python script from another location on the local file system. https://www.youtube.com/watch?v=3mzgsh5hc-0
----- Mail original ----- > De: "FR web forum" <[email protected]> > À: [email protected] > Envoyé: Dimanche 10 Février 2019 18:41:34 > Objet: CVE-2018-16858 > > https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html > AOO 4.1.6 seems to be vulnerable too > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
