Security News > 2019 > February > Malicious macros can trigger RCE in LibreOffice, OpenOffice

Malicious macros can trigger RCE in LibreOffice, OpenOffice
2019-02-07 06:50

Achieving remote code execution on systems running LibreOffice or Apache OpenOffice might be as easy as tricking users into opening a malicious ODT (OpenDocument) file and moving their mouse over it, a security researcher has found. About CVE-2018-16858 CVE-2018-16858 takes advantage of a LibreOffice feature where documents can specify that pre-installed macros can be executed on various document events (e.g. mouse-over-object). “Prior to 6.0.7/6.1.3 LibreOffice was vulnerable to a directory traversal attack where it was … More → The post Malicious macros can trigger RCE in LibreOffice, OpenOffice appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/zzXKYslheCM/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2018-16858 Path Traversal vulnerability in Libreoffice
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document.
network
low complexity
libreoffice CWE-22
7.5
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Libreoffice 1 0 24 23 7 54
Openoffice 2 1 7 4 15 27