The vulnerability (CVE-2018-16858) has been found in LibreOffice version 6.0.7 or later and Apache OpenOffice version 4.1.6 which is found on Mac, Linux, and Windows. This vulnerability gives an attacker the chance to remotely execute code and ultimately compromise the system. A mouseover event is used to get users to hover their mouse over a malicious link within the two Office documents which then leads to the execution of a Python file. The researcher who discovered this vulnerability released a PoC and has also reported his findings to the proper entities. LibreOffice has fixed the issue on their end, but Apache has yet to patch it on their side.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased