Threat Watch

LibreOffice and Apache OpenOffice Critical Vulnerability

The vulnerability (CVE-2018-16858) has been found in LibreOffice version 6.0.7 or later and Apache OpenOffice version 4.1.6 which is found on Mac, Linux, and Windows. This vulnerability gives an attacker the chance to remotely execute code and ultimately compromise the system. A mouseover event is used to get users to hover their mouse over a malicious link within the two Office documents which then leads to the execution of a Python file. The researcher who discovered this vulnerability released a PoC and has also reported his findings to the proper entities. LibreOffice has fixed the issue on their end, but Apache has yet to patch it on their side.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Users of these Office applications should remove or rename the pythonscript.py file in the installation folder. Since Apache has not made an update yet, be cautious of this vulnerability. If users are operating on Libre, they should use the updates that they released.

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support