Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch
#1
Quote:A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document.

Using an exploit for this zero-day vulnerability, potential attackers can issue a directory traversal attack against users of all versions of OpenOffice and all LibreOffice releases up to and including 6.0.6/6.1.2.1.

However, the OpenOffice 0day which is currently tracked as CVE-2018-16858 and received a CVSS3 Base Score of 7.8 from Red Hat, has been fixed by The Document Foundation in the LibreOffice 6.0.7/6.1.3 release after receiving a report from security researcher Alex Inführ who discovered the issue.

The researcher also created and published a Proof-of-Concept for CVE-2018-16858 in the form of a FODT extension which he also uploaded to the VirusTotal malware scanning service.

According to Inführ, the OpenOffice zero-day vulnerability impacts LibreOffice because of "a feature where documents can specify that pre-installed macros can be executed on various document events such as mouse-over" as detailed in the Directory traversal flaw in script execution advisory published by The Document Foundation on February 1.

SOURCE: https://www.bleepingcomputer.com/news/se...icropatch/
[-] The following 2 users say Thank You to silversurfer for this post:
  • darktwilight, harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54
GFYI [Official] EaseUS Data Recovery Wi...
I utilize EaseUS Par...zevish — 08:10
MultCloud 500GB Data Traffic Lifetime wi...
MultCloud offers a c...zevish — 07:59
O&O SafeErase Professional 17 Lifetime G...
O&O SafeErase Pr...zevish — 07:43

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>