CVE-2021-25830

Sažetak

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer.

Reference

https://github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25830
https://github.com/ONLYOFFICE/core
https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp#L1918
https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cpp#L241
https://github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/PPTXFormat/Logic/UniFill.cpp#L343
https://github.com/ONLYOFFICE/DocumentServer

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-03-2021 - 19:53

Objavljeno

01-03-2021 - 16:15