Skip to main content

OpenOffice Vulnerable to Remote Code Execution, LibreOffice Patched

posted onFebruary 5, 2019
by l33tdawg
Bleeping Computer
Credit: Bleeping Computer

OpenOffice is exposed to a remote code execution vulnerability that can be triggered using automated macro execution when users move the mouse over a maliciously crafted ODT document.

The security issue affects all versions of OpenOffice, as well as all LibreOffice releases up to and including 6.0.6/6.1.6. The bug was patched by The Document Foundation in LibreOffice 6.0.7/6.1.3 after receiving a report from security researcher Alex Inführ.

However, at the time this article was published, OpenOffice 4.1.6 (the latest version ) is still vulnerable. Inführ says in his detailed description of the vulnerability that the bug affected both Linux and Windows versions of LibreOffice and that no warning dialog would be displayed after successful exploitation: "I started to have a look at LibreOffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file and moves his mouse over the document, without triggering any warning dialog."

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th