0patch released micropatch for code execution flaw in OpenOffice

Experts at ACROS Security’s 0patch released an unofficial patch for a recently disclosed remote code execution vulnerability in the Apache OpenOffice suite.

ACROS Security’s 0patch released an unofficial patch for a path traversal flaw recently disclosed in the Apache OpenOffice suite.

The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.

“I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file and moves his mouse over the document, without triggering any warning dialog.” reads the blog post published by Inführ.

The flaw could have a huge impact because the popular free, open source office suite is used by millions of Windows, MacOS and Linux users.

The expert discovered that it is possible to abuse the OpenDocument scripting framework by adding an onmouseoverevent to a link included in the ODT file.

Inführ devised an attack that relies on exploiting a directory traversal vulnerability tracked as CVE-2018-16858. By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event.

Even if OpenOffice developers still haven’t released a fix for the issue, 0patch experts have released an unofficial patch to address this flaw. The micropatch can be applied to the latest version of OpenOffice for Windows.

Researchers also released patches for LibreOffice as well.

0patch also published a video PoC that shows the exploitation of the vulnerability.

This is the second time in a few days that 0patch released an unofficial patch,  this week 0patch experts released a micropatch to address an Adobe Reader zero-day that allows maliciously PDF docs to call home and send over the victim’s NTLM hash.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – micropatch, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]