loader gif

Critical vulnerability found in LibreOffice and Apache OpenOffice could allow attackers to remotely execute code

Critical vulnerability found in LibreOffice and Apache OpenOffice could allow attackers to remotely execute code
  • A critical vulnerability (CVE-2018-16858) was detected in LibreOffice and Apache OpenOffice available for Windows, Mac, and Linux.
  • This vulnerability could allow an attacker to execute remote code and compromise the system.

A security researcher Alex Inführ detected a critical vulnerability (CVE-2018-16858) in LibreOffice and Apache OpenOffice available for Windows, Mac, and Linux. This vulnerability could allow an attacker to remotely execute code and compromise the system. The researcher who detected the vulnerability also published a Proof-of-Concept on his blog.

This vulnerability impacts LibreOffice versions 6.0.7 and later, and it affects Apache OpenOffice's latest version 4.1.6.

Exploiting mouseover event

The vulnerability uses a mouseover event, which tricks users to hover the mouse over a link within the document.

  • The flaw is embedded in the link within the LibreOffice and Apache Office document.
  • Once users hover their mouse pointer or place their mouse pointer over the link within the document, the exploit is triggered.
  • This triggers execution of a local Python file and even allows calling functions within the file and passing parameters for it.

Vulnerability patched in LibreOffice

Upon detection, the security researcher reported the bug via the LibreOffice Bugzilla system, but his Bugzilla report got closed.

“At first I reported it via the libreoffice bugzilla system. Apparently, for security issues, it is better to send an email to officesecurity@lists.freedesktop.org, but I did not know that. So my bugzilla report got closed but I convinced them to have another look. The bug was picked up and moved to a thread via officesecurity@lists.freedesktop.org. The issue was verified and fixed quite fast,” the researcher described in his blog.

The vulnerability has been fixed in LibreOffice, but Apache is yet to release a security update to fix the vulnerability in OpenOffice.

loader gif