CVE-2018-10583 — AI Deep Analysis Summary

🚨 **Essence**: LibreOffice & Apache OpenOffice automatically connect to SMB servers when opening malicious `.odt` files. 💥 **Consequences**: Attackers steal **NTLM hashes** via information disclosure.…

🛡️ **Root Cause**: The software blindly processes embedded links (e.g., `xlink:href=file://...`) in XML documents. It initiates an **SMB connection** without user confirmation or security checks.…

📦 **Affected**: LibreOffice **6.0.3** and Apache OpenOffice Writer **4.1.5**. 📝 Specifically targets `.odt` XML documents containing malicious embedded file references. 🌐 Open-source office suites.

🕵️ **Attacker Action**: By hosting a malicious SMB server, hackers capture **NTLM authentication hashes** from the victim's machine. 🔓 This allows potential **pass-the-hash** attacks or credential theft.…

⚡ **Threshold**: **LOW**. No authentication required. Just tricking a user to open a crafted `.odt` file is enough. 📩 Social engineering is the main vector.…

💣 **Public Exploit**: **YES**. Multiple PoCs exist on GitHub (e.g., `MrTaherAmine/CVE-2018-10583`). 🐍 Python3 scripts generate malicious `.odt` files automatically. Wild exploitation is possible via `impacket-smbserver`.

🔍 **Self-Check**: Scan for LibreOffice/OpenOffice versions **≤ 6.0.3 / 4.1.5**. 📄 Check if `.odt` files are auto-processing external `file://` or `smb://` links.…

🩹 **Fix Status**: **FIXED**. Vendor advisories (RedHat RHSA-2018:3054, Ubuntu USN-3883-1) confirm patches are available. 🔄 Update to the latest stable versions immediately. Official trackers list this as resolved.

🚧 **No Patch?**: Disable **auto-processing** of external resources in settings. 🛑 Use a sandboxed environment for opening untrusted `.odt` files. 🚫 Block SMB traffic (port 445) at the firewall if possible.…

🔥 **Urgency**: **HIGH**. NTLM hash theft is a direct path to full system compromise. 🚨 Critical for enterprises using these office suites. Patch immediately or apply strict network controls. Do not ignore!