Security News > 2019 > February > Malicious macros can trigger RCE in LibreOffice, OpenOffice
2019-02-07 06:50
Achieving remote code execution on systems running LibreOffice or Apache OpenOffice might be as easy as tricking users into opening a malicious ODT (OpenDocument) file and moving their mouse over it, a security researcher has found. About CVE-2018-16858 CVE-2018-16858 takes advantage of a LibreOffice feature where documents can specify that pre-installed macros can be executed on various document events (e.g. mouse-over-object). “Prior to 6.0.7/6.1.3 LibreOffice was vulnerable to a directory traversal attack where it was … More → The post Malicious macros can trigger RCE in LibreOffice, OpenOffice appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/zzXKYslheCM/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-25 | CVE-2018-16858 | Path Traversal vulnerability in Libreoffice It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. | 9.8 |