You should be extra careful about what document files you open using the LibreOffice software over the next few days.
That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file.
LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available for Windows, Linux and macOS systems.
Earlier this month, LibreOffice released the latest version 6.2.5 of its software that addresses two severe vulnerabilities (CVE-2019-9848 and CVE-2019-9849), but the patch for the former has now been bypassed, security researcher Alex Inführ claims.
Though Inführ has not yet disclosed details of the technique that allowed him to bypass the patch, the impact of this vulnerability remains the same, as explained below.
1.) CVE-2019-9848: This vulnerability, which still exists in the latest version, resides in LibreLogo, a programmable turtle vector graphics script that ships by default with LibreOffice.
LibreLogo allows users to specify pre-installed scripts in a document that can be executed on various events such as mouse-over.
"The big problem here is that the code is not translated well and just supplying python code as the script code often results in the same code after translation," Emmerich said.
"Using forms and OnFocus event, it is even possible to get code execution when the document is opened, without the need for a mouse-over event."
Emmerich also released a proof-of-concept for this attack on his blog post.
2.) CVE-2019-9849: This vulnerability, which you can fix by installing the latest available update, could allow the inclusion of remote arbitrary content within a document even when 'stealth mode' is enabled.
Zero Trust + Deception: Learn How to Outsmart Attackers!
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!Save My Seat!
The stealth mode is not enabled by default, but users can activate it to instruct documents retrieve remote resources only from trusted locations.
How to Protect Your System
- Open the setup to start the installation
- Select "Custom" installation
- Expand "Optional Components"
- Click on "LibreLogo" and select "This Feature Will Not Be Available"
- Click Next and then Install the software