0patch released micropatch for code execution flaw in OpenOffice

Experts at ACROS Security’s 0patch released an unofficial patch for a recently disclosed remote code execution vulnerability in the Apache OpenOffice suite.

ACROS Security’s 0patch released an unofficial patch for a path traversal flaw recently disclosed in the Apache OpenOffice suite.

The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.

“I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file and moves his mouse over the document, without triggering any warning dialog.” reads the blog post published by Inführ.

The flaw could have a huge impact because the popular free, open source office suite is used by millions of Windows, MacOS and Linux users.

The expert discovered that it is possible to abuse the OpenDocument scripting framework by adding an onmouseoverevent to a link included in the ODT file.

Inführ devised an attack that relies on exploiting a directory traversal vulnerability tracked as CVE-2018-16858. By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event.

Even if OpenOffice developers still haven’t released a fix for the issue, 0patch experts have released an unofficial patch to address this flaw. The micropatch can be applied to the latest version of OpenOffice for Windows.

Researchers also released patches for LibreOffice as well.

0patch also published a video PoC that shows the exploitation of the vulnerability.

This is the second time in a few days that 0patch released an unofficial patch, this week 0patch experts released a micropatch to address an Adobe Reader zero-day that allows maliciously PDF docs to call home and send over the victim’s NTLM hash.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – micropatch, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.