Dismiss this notice
Master PDF Editor Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6240

Dismiss this notice
Avast Premier Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6095

Dismiss this notice
Ashampoo Snap 10 Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6241

Dismiss this notice
Backup4all Professional Easter 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=6464


Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch
#1
Quote:A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document.

Using an exploit for this zero-day vulnerability, potential attackers can issue a directory traversal attack against users of all versions of OpenOffice and all LibreOffice releases up to and including 6.0.6/6.1.2.1.

However, the OpenOffice 0day which is currently tracked as CVE-2018-16858 and received a CVSS3 Base Score of 7.8 from Red Hat, has been fixed by The Document Foundation in the LibreOffice 6.0.7/6.1.3 release after receiving a report from security researcher Alex Inführ who discovered the issue.

The researcher also created and published a Proof-of-Concept for CVE-2018-16858 in the form of a FODT extension which he also uploaded to the VirusTotal malware scanning service.

According to Inführ, the OpenOffice zero-day vulnerability impacts LibreOffice because of "a feature where documents can specify that pre-installed macros can be executed on various document events such as mouse-over" as detailed in the Directory traversal flaw in script execution advisory published by The Document Foundation on February 1.

SOURCE: https://www.bleepingcomputer.com/news/se...icropatch/
[-] The following 2 users Like silversurfer's post:
  • darktwilight, harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Latest Threads
Try Out the Reader Mode in Microsoft’s N...
Last Post: silversurfer
Today 14:13
» Replies: 0
» Views: 27
Microsoft Brings a Key Security Feature ...
Last Post: silversurfer
Today 14:13
» Replies: 0
» Views: 26
PC Game Giveaway:Assassins Creed Unity
Last Post: sinanogz
Today 10:57
» Replies: 0
» Views: 23
LibreOffice 6.1.2
Last Post: JM Safe
Today 09:53
» Replies: 5
» Views: 197
WhatsApp Will Allow Users to Block Conve...
Last Post: JM Safe
Today 09:51
» Replies: 1
» Views: 30
Avast Blog_Security News: Facebook wants...
Last Post: harlan4096
Today 07:51
» Replies: 0
» Views: 25
Avast Blog_Tips & Advices: Are budget-tr...
Last Post: harlan4096
Today 07:49
» Replies: 0
» Views: 20
Emsisoft Anti-Malware named one of AVLab...
Last Post: harlan4096
Today 07:41
» Replies: 0
» Views: 47
Next generation antivirus: the future of...
Last Post: harlan4096
Today 07:38
» Replies: 0
» Views: 34
10 Chrome Extensions to Boost Your Onlin...
Last Post: harlan4096
Today 07:31
» Replies: 0
» Views: 22
Microsoft Announces Surface Hub 2S: 50-I...
Last Post: harlan4096
Today 07:26
» Replies: 0
» Views: 18
AMD 50th Anniversary Ryzen CPUs Listed A...
Last Post: harlan4096
Today 07:24
» Replies: 0
» Views: 15
The Huawei P30 & P30 Pro Reviews: Photog...
Last Post: harlan4096
Today 07:22
» Replies: 0
» Views: 25
Samsung Completes Development of 5nm EUV...
Last Post: harlan4096
Today 07:20
» Replies: 0
» Views: 24
TSMC Reveals 6 nm Process Technology: 7 ...
Last Post: harlan4096
Today 07:16
» Replies: 0
» Views: 19
8 ways in which Microsoft Edge (Chromium...
Last Post: harlan4096
Today 07:11
» Replies: 0
» Views: 24
Google to present browser and search cho...
Last Post: harlan4096
Today 07:09
» Replies: 0
» Views: 19
Ubuntu 19.04 is out
Last Post: harlan4096
Today 07:07
» Replies: 0
» Views: 17
Start Menu gets its own process and a pe...
Last Post: harlan4096
Today 07:04
» Replies: 0
» Views: 21
Microsoft explains how Dynamic Updates w...
Last Post: harlan4096
Today 07:02
» Replies: 0
» Views: 23

[-]
Staffs Online
There are no staff members currently online.