
LibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. A similar flaw in Apache OpenOffice remains unfixed.

Austrian researcher Alex Inführ publicly reported the vulnerability on Friday, shortly after it was fixed in LibreOffice. His disclosure included a proof-of-concept exploit that successfully executed commands on computers running what was then a fully patched version of LibreOffice. The only interaction that was required was that the target user hover over an invisible link with a mouse. On Wednesday, researcher John Lambert provided additional PoC samples.

The chief vulnerability exploited is a path traversal that allowed the attack code to move out of its current directory and into one that contained a sample Python script that LibreOffice installed by default. That allowed Inführ to invoke the cmd command on the vulnerable computer. The researcher then exploited a separate weakness that allowed him to pass parameters of his choice to the command.
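The mechanism described above, a document-embedded script binding whose target path walks out of the document's own script directory, is something a defender can look for before a file reaches a user. The scanner below is an added example written for this page, not code from the article, from Inführ's proof of concept, or from the LibreOffice project. It assumes the ODF conventions for script bindings (`script:event-listener` elements carrying an `xlink:href` in the `vnd.sun.star.script:` URI scheme, with `language=` and `location=` query parameters) and flags any binding whose script path contains a `..` segment or resolves from a location other than the document itself. The sample `content.xml` is constructed for the example; its script path is a placeholder, not the path used in the real exploit.

```python
"""Scan ODF document XML for script event listeners that reach outside the document.

Added example, not code from the article or from LibreOffice. ODF namespace URIs and the
vnd.sun.star.script: URI layout are assumed from the ODF/LibreOffice conventions.
"""
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# ODF namespaces for embedded script bindings (assumed from the ODF 1.2 spec)
NS_SCRIPT = "urn:oasis:names:tc:opendocument:xmlns:script:1.0"
NS_XLINK = "http://www.w3.org/1999/xlink"
EVENT_LISTENER = f"{{{NS_SCRIPT}}}event-listener"
EVENT_NAME = f"{{{NS_SCRIPT}}}event-name"
HREF = f"{{{NS_XLINK}}}href"
SCRIPT_SCHEME = "vnd.sun.star.script:"


def analyse_script_href(href):
    """Return the reasons a script binding href looks risky (empty list if benign).

    Expected layout: vnd.sun.star.script:<path>$<function>?language=...&location=...
    """
    reasons = []
    if not href.startswith(SCRIPT_SCHEME):
        return reasons
    body = href[len(SCRIPT_SCHEME):]
    target, _, query = body.partition("?")
    script_path = target.split("$", 1)[0]
    params = parse_qs(query)
    location = params.get("location", [""])[0].lower()
    # A ".." segment means the binding tries to leave its script directory
    if any(seg == ".." for seg in re.split(r"[\\/]", script_path)):
        reasons.append("path traversal segment in script path")
    # Scripts resolved from share/user/application live on the host, not in the file
    if location and location != "document":
        reasons.append(f"script resolved from location={location!r}, not the document")
    return reasons


def scan_content_xml(xml_text):
    """Return a finding per risky script:event-listener in an ODF content.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter(EVENT_LISTENER):
        href = el.get(HREF, "")
        reasons = analyse_script_href(href)
        if reasons:
            findings.append({"event": el.get(EVENT_NAME, ""), "href": href, "reasons": reasons})
    return findings


def scan_odt(path):
    """Scan a real .odt file: it is a zip whose main body lives in content.xml."""
    with zipfile.ZipFile(path) as z:
        return scan_content_xml(z.read("content.xml"))


# Constructed sample: one hover-triggered binding with a traversal path and a
# host-side location, plus one benign Basic macro stored inside the document.
SAMPLE_CONTENT_XML = """<office:document-content
  xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
  xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
  xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0"
  xmlns:xlink="http://www.w3.org/1999/xlink">
 <office:body><office:text>
  <text:p><text:a xlink:href="https://example.invalid/">
   <office:event-listeners>
    <script:event-listener script:event-name="dom:mouseover" script:language="ooo:script"
      xlink:href="vnd.sun.star.script:../../PLACEHOLDER.py$main?language=Python&amp;location=share"/>
   </office:event-listeners>link</text:a></text:p>
  <text:p><text:a xlink:href="https://example.invalid/">
   <office:event-listeners>
    <script:event-listener script:event-name="dom:click" script:language="ooo:script"
      xlink:href="vnd.sun.star.script:Standard.Module1.Main?language=Basic&amp;location=document"/>
   </office:event-listeners>ok</text:a></text:p>
 </office:text></office:body>
</office:document-content>"""


if __name__ == "__main__":
    for finding in scan_content_xml(SAMPLE_CONTENT_XML):
        print(finding["event"], finding["href"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Run against the constructed sample, the scanner reports only the `dom:mouseover` binding, with both a traversal reason and a location reason; the document-local Basic macro passes. A mail gateway or sandbox can apply `scan_odt` to attachments and quarantine anything with findings, which catches the class of document rather than one specific script path.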
