Third-Party Patch Released for Code Execution Flaw in OpenOffice

An unofficial patch has been made available for a recently disclosed remote code execution vulnerability affecting the Apache OpenOffice open source productivity suite.

The flaw, described as a path traversal issue and tracked as CVE-2018-16858, was disclosed in early February by researcher Alex Inführ. The expert found that a hacker could execute code on a system by getting the targeted user to open a specially crafted document that loaded a Python file placed by the attacker anywhere on the system.

The attack involves a document containing a specially crafted hyperlink pointing to a Python script. When the victim opens the document and hovers over the hyperlink, the malicious code gets executed without any warning message being displayed. In order to avoid raising suspicion and make the attack more likely to succeed, a hacker can create a document where the entire page is filled with hyperlinks whose color has been set to white; this way the victim only sees a blank page before the exploit is executed.
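
Defenders can triage incoming documents for this pattern before they are opened. The following is an added example, not code from the article, 0patch or the OpenOffice project: it scans an ODF package for script links whose location contains `..` segments. It assumes such links are stored as `xlink:href` attributes using the `vnd.sun.star.script:` URL scheme; the sample document and its paths are constructed placeholders.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
SCRIPT_SCHEME = "vnd.sun.star.script:"  # assumption: scheme used for script links


def traversal_script_links(odf_bytes):
    """Return (member, href) pairs for script links whose path has '..' segments."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as package:
        for member in package.namelist():
            if not member.endswith(".xml"):
                continue
            try:
                root = ET.fromstring(package.read(member))
            except ET.ParseError:
                continue  # malformed member: skipped here, worth flagging separately
            for element in root.iter():
                href = element.get(XLINK_HREF, "")
                if not href.lower().startswith(SCRIPT_SCHEME):
                    continue
                # The script location is everything before the '?' query part.
                location = unquote(href[len(SCRIPT_SCHEME):].split("?", 1)[0])
                if ".." in re.split(r"[\\/]", location):
                    findings.append((member, href))
    return findings


def build_sample(hrefs):
    """Constructed test input: a minimal ODF-like zip with one link per href."""
    links = "".join('<a xlink:href="%s"/>' % h.replace("&", "&amp;") for h in hrefs)
    content = '<doc xmlns:xlink="http://www.w3.org/1999/xlink">%s</doc>' % links
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        package.writestr("content.xml", content)
    return buffer.getvalue()


# Constructed sample values; the paths are placeholders, not real files.
SUSPICIOUS = "vnd.sun.star.script:../../placeholder/example.py$main?language=Python&location=share"
BENIGN = "vnd.sun.star.script:Standard.Module1.Main?language=Basic&location=document"

if __name__ == "__main__":
    for member, href in traversal_script_links(build_sample([SUSPICIOUS, BENIGN])):
        print(member, href)
```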

Inführ says the vulnerability impacts both LibreOffice and OpenOffice. However, LibreOffice developers released a patch less than two weeks after being notified.

OpenOffice developers, on the other hand, do not appear to have issued any fixes and have not made any comments on the vulnerability. SecurityWeek reached out to them more than one week ago, but received no response.

ACROS Security’s 0patch service has released an unofficial patch for OpenOffice to address this vulnerability. The micropatch can be applied to the latest version of OpenOffice for Windows. Micropatches have been released for LibreOffice as well.

0patch has published a video showing an exploit attempt without and with the patch applied:

0patch this week also released a fix for an Adobe Reader vulnerability that had been unpatched. Adobe released an official patch the next day.

Related: Unofficial Patches Released for Three Unfixed Windows Flaws

Related: Third-Party Patch Released for Windows Zero-Day

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
