“OpenOffice does not allow to pass parameters therefore my PoC does not work but the path traversal can be abused to execute a python script from another location on the local file system,” Inführ noted. Unfortunately, the same vulnerability also affects the latest available version of Apache OpenOffice open-source office productivity suite (v4.1.6) and a fix has yet to be released. Alex Inführ, the researcher who flagged the flaw and published a PoC exploit for it, confirmed that versions 6.0.7 and 6.1.4.2 incorporate the fix. The bundled python happens to include a method which executes via os.system one of its arguments, providing a simple route in 6.1 to execute arbitrary commands via such a crafted document.”Īs noted in the advisory, the issue has been fixed, and users have been urged to upgrade to one of the fixed versions. “In the 6.1 series, the problem was compounded by an additional feature which enables specifying in the document arguments to pass to the python method. “Prior to 6.0.7/6.1.3 LibreOffice was vulnerable to a directory traversal attack where it was possible to craft a document which when opened by LibreOffice would, when such common document events occur, execute a python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location,” the Document Foundation, which develops the LibreOffice suite, explained. Achieving remote code execution on systems running LibreOffice or Apache OpenOffice might be as easy as tricking users into opening a malicious ODT (OpenDocument) file and moving their mouse over it, a security researcher has found.ĬVE-2018-16858 takes advantage of a LibreOffice feature where documents can specify that pre-installed macros can be executed on various document events (e.g.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |