ACROS Security’s 0patch released an unofficial patch for a path traversal flaw recently disclosed in the Apache OpenOffice suite.
The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.
“I started to have a look at
The flaw could have a huge impact because the popular free, open source office suite is used by millions of Windows, MacOS and Linux users.
The expert discovered that it is possible to abuse the OpenDocument scripting framework by adding an
Inführ devised an attack that relies on exploiting a directory traversal vulnerability tracked as CVE-2018-16858. By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden
Even if OpenOffice developers still haven’t released a fix for the issue, 0patch experts have released an unofficial patch to address this flaw. The
Researchers also released patches for LibreOffice as well.
0patch also published a video PoC that shows the exploitation of the vulnerability.
This is the second time in a few days that 0patch released an unofficial patch, this week 0patch experts released a micropatch to address an Adobe Reader zero-day that allows maliciously PDF docs to call home and send over the victim’s NTLM hash.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.