====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN223
_____________________________________________________________________

DATE                : 16/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running LibreOffice versions prior
                               to 7.0.5, 7.1.2.

=====================================================================
https://www.libreoffice.org/about-us/security/advisories/cve-2021-25631/
_____________________________________________________________________

CVE-2021-25631

Title: Denylist of executable filename extensions possible to bypass
under windows

Announced: April 15, 2021

Fixed in: LibreOffice 7.0.5/7.1.2

Description:

LibreOffice has a feature where hyperlinks in a document can be
activated by CTRL+click. Under Windows the link can be passed to the
system ShellExecute function for handling. LibreOffice contains a
denylist of extensions that it blocks from passing to ShellExecute to
avoid attempting to launch executables.

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0
series in versions prior to 7.0.5, the denylist can be circumvented by
manipulating the link so it doesn't match the denylist but results in
ShellExecute attempting to launch an executable type.

In the fixed versions this circumvention has been blocked. All Windows
users are recommended to upgrade to LibreOffice >= 7.0.5 or >= 7.1.2


References:

Thanks to Lukas Euler of Positive Security for discovering and reporting
this problem


References:

    CVE-2021-25631


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================