Unrated severityNVD Advisory· Published May 3, 2021· Updated Sep 16, 2024

denylist of executable filename extensions possible to bypass under windows

CVE-2021-25631

Description

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type.

Affected products

The Document Foundation/Libreoffice Onlinecpe-rescue
Range: 7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

positive.security/blog/url-open-rcemitrex_refsource_MISC
www.libreoffice.org/about-us/security/advisories/cve-2021-25631/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000