The vulnerability (CVE-2018-16858) has been found in LibreOffice version 6.0.7 or later and Apache OpenOffice version 4.1.6, on Mac, Linux, and Windows. It gives an attacker the chance to execute code remotely and ultimately compromise the system. The attack relies on a mouseover event: when a user hovers the mouse over a malicious link in a document opened in either office suite, a Python file is executed. The researcher who discovered the vulnerability released a PoC and has also reported his findings to the proper entities. LibreOffice has fixed the issue on their end, but Apache has yet to patch it on their side.
Users of these office applications should remove or rename the pythonscript.py file in the installation folder. Since Apache has not released an update yet, users should remain cautious of this vulnerability. LibreOffice users should install the updates that LibreOffice has released.
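One way to apply the rename across an installation on any of the three platforms, as an added example that is not part of the original advisory: the script takes the installation folder as an argument (no install paths are assumed), and the `.disabled` suffix and function names are choices made here for illustration. It defaults to a dry run so the matches can be reviewed before anything is changed.

```python
import os
from pathlib import Path

TARGET_NAME = "pythonscript.py"  # file named in the advisory
DISABLED_SUFFIX = ".disabled"    # assumption: suffix chosen for this example


def find_targets(install_root):
    """Return every file under install_root named exactly pythonscript.py."""
    root = Path(install_root)
    if not root.is_dir():
        raise NotADirectoryError(f"not an installation folder: {root}")
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            # Compare case-insensitively: Windows and default macOS volumes ignore case.
            if name.lower() == TARGET_NAME:
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def disable_pythonscript(install_root, dry_run=True):
    """Rename each pythonscript.py found; return (path, status) pairs."""
    results = []
    for path in find_targets(install_root):
        dest = path.with_name(path.name + DISABLED_SUFFIX)
        if dry_run:
            results.append((path, "would-rename"))
            continue
        try:
            # os.replace overwrites a stale .disabled copy left by an earlier run.
            os.replace(path, dest)
            results.append((path, "renamed"))
        except OSError as exc:
            # Typically a permissions error: rerun with administrative rights.
            results.append((path, f"failed: {exc.strerror}"))
    return results


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        sys.exit("usage: disable_pythonscript.py INSTALL_DIR [--apply]")
    apply_changes = "--apply" in sys.argv[2:]
    for found, status in disable_pythonscript(sys.argv[1], dry_run=not apply_changes):
        print(f"{status}: {found}")
```

Rerun the script after any reinstall or repair of the office suite, since either may restore the file.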