Vigil@nce - LibreOffice Cacl: links followed without Control
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the user configured the security option "Ctrl-click required
to follow hyperlinks", it is not honored in LibreOffice Calc, so
an attacker can force the victim to browse a site.
– Impacted products: LibreOffice
– Severity: 1/4
– Creation date: 13/05/2013
DESCRIPTION OF THE VULNERABILITY
LibreOffice has an option requiring the user to press on the
Control key, before clicking on a link, in order to open it:
– Options
– LibreOffice
– Security
– Options
– Ctrl-click required to follow hyperlinks
However, LibreOffice Calc accepts to follow the link, even if the
user did not press the Control key.
When the user configured the security option "Ctrl-click required
to follow hyperlinks", it is not honored in LibreOffice Calc, so
an attacker can therefore force the victim to browse a site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/LibreOffice-Cacl-links-followed-without-Control-12769