FILE-OFFICE -- Snort detected traffic targeting vulnerabilities in files belonging to the Microsoft Office suite of software (Excel, PowerPoint, Word, Visio, Access, Outlook, etc.).
FILE-OFFICE LibreOffice WEBSERVICE arbitrary file disclosure attempt
This event is generated when an attacker attempts to exploit an arbitrary file disclosure vulnerability in LibreOffice. Impact: Attempted User Privilege Gain Details: Rule checks for attempts to exploit an arbitrary file disclosure vulnerability in LibreOffice. Ease of Attack:
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2018-6871LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. |
|