Security News > 2016 > June > Easily exploitable LibreOffice flaw is a godsend for hackers (Help Net Security)

Easily exploitable LibreOffice flaw is a godsend for hackers (Help Net Security)
2016-06-30 20:53

A serious LibreOffice flaw can be easily exploited by attackers to deliver malware on computers running a vulnerable version of the popular free and open source office suite. According to The Document Foundation, which develops the software suite, the vulnerability (CVE-2016-4324) arises from an insufficient check for validity while parsing the Rich Text Format (RTF) character style index. It is a Use After Free vulnerability that could ultimately allow for malicious code execution. And, unfortunately, … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/zQeyP8JRfjE/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-07-08 CVE-2016-4324 Improper Input Validation vulnerability in multiple products
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.
local
low complexity
debian libreoffice canonical CWE-20
7.8
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Libreoffice 1 0 10 22 12 44