Threat Watch

LibreOffice Security Flaw

LibreOffice, the popular open-source office suite, has been found by researchers to have a major code execution flaw in its software. The flaw, being tracked as CVE-2019-9848, could allow someone to execute arbitrary Python commands through the program. The flaw could be exploited through a malicious document containing a macro that is opened by LibreOffice. In a blog post, researchers were able to demonstrate the flaw that stems from a component called LibreLogo, which is a programming interface that uses turtle vector graphics. The Proof of Concept (POC) post shows how a link inside the document is opened without clicking on the link itself through a code written in the Python coding language. The link is executed once the mouse pointer hovers over the link. Researchers also suggest that this bug can be exploited with OnFocus events and forms that could execute the link when the document is opened. This bug was originally reported to be fixed with LibreOffice 6.2.5; however, researchers were still able to exploit the flaw.


While LibreOffice has been reported to be working on a patch for this flaw, it is recommended that users either install LibreOffice without macros or exclude the LibreLogo install.