Dismiss this notice
WinRAR forever! Father's Day 2019 Giveaway - [Only registered and activated users can see links Click here to register]

Dismiss this notice
Avast Premier Photo Caption - [Only registered and activated users can see links Click here to register]

Dismiss this notice
FastestVPN Accounts Giveaway - [Only registered and activated users can see links Click here to register]


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch
#1
Quote:A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document.

Using an exploit for this zero-day vulnerability, potential attackers can issue a directory traversal attack against users of all versions of OpenOffice and all LibreOffice releases up to and including 6.0.6/6.1.2.1.

However, the OpenOffice 0day which is currently tracked as [Only registered and activated users can see links Click here to register] and received a CVSS3 Base Score of 7.8 from [Only registered and activated users can see links Click here to register], has been fixed by The Document Foundation in the LibreOffice 6.0.7/6.1.3 release after receiving a report from security researcher [Only registered and activated users can see links Click here to register][Only registered and activated users can see links Click here to register].

The researcher also created and published a [Only registered and activated users can see links Click here to register] for CVE-2018-16858 in the form of a FODT extension which he also [Only registered and activated users can see links Click here to register] malware scanning service.

According to Inführ, the OpenOffice zero-day vulnerability impacts LibreOffice because of "a feature where documents can specify that pre-installed macros can be executed on various document events such as mouse-over" as detailed in the [Only registered and activated users can see links Click here to register] advisory published by The Document Foundation on February 1.

SOURCE: [Only registered and activated users can see links Click here to register]
[-] The following 2 users Like silversurfer's post:
  • darktwilight, harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
GIMP 2.10.12
GIMP 2.10.12 GIMP...damien76 — 19:00
[Giveaway] WinX HD Video Converter Delu...
WinX HD Video Conver...ismail — 18:57
AnyMP4 Screen Recorder Professional 1.2....
The best tool for...ismail — 18:53
Shotcut 19.06.15
Shotcut 19.07.15 (15...damien76 — 18:51
InPixio Photo Editor 9 [for PC]
Easily transform ...ismail — 18:47

[-]
Birthdays
Today's Birthdays
avatar (34)papedDow
avatar (43)ArnoldFum
avatar (31)yfaza
Upcoming Birthdays
avatar (36)lapedDow
avatar (42)rituabew
avatar (30)omyjul
avatar (32)boineDon
avatar (34)vkseogaF
avatar (30)usogy
avatar (33)ywixazok

[-]
Online Staff
There are no staff members currently online.

>