The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: LibreOffice

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again

Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again

August 16, 2019Swati Khandelwal
If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available for Windows, Linux and macOS systems. One of the two vulnerabilities, tracked as CVE-2019-9848 , that LibreOffice attempted to patch just last month was a code execution flaw that affected LibreLogo, a programmable turtle vector graphics script that ships by default with LibreOffice. This flaw allows an attacker to craft a malicious document that can silently execute arbitrary python commands without displaying any warning to a targeted user. Apparently, the patch for this vulnerability was insufficient, as The Hacker News also reported late last month , which allowed two separate secu
Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)

Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)

July 26, 2019Swati Khandelwal
Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file. LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available for Windows, Linux and macOS systems. Earlier this month, LibreOffice released the latest version 6.2.5 of its software that addresses two severe vulnerabilities (CVE-2019-9848 and CVE-2019-9849), but the patch for the former has now been bypassed, security researcher Alex Inführ claims . Though Inführ has not yet disclosed details of the technique that allowed him to bypass the patch, the impact of this vulnerability remains the same, as explained below. 1.) CVE-2019-9848 : This vulnerability, which still exists in the latest version,
Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software

Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software

February 05, 2019Swati Khandelwal
It's 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer. No, I'm not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives— LibreOffice and Apache OpenOffice —free, open source office software used by millions of Windows, MacOS and Linux users. Security researcher Alex Inführ has discovered a severe remote code execution (RCE) vulnerability in these two open source office suites that could be triggered just by opening a maliciously-crafted ODT (OpenDocument Text) file. The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific python library bundled within the software using a hidden onmouseover event. To exploit this vulnerability, Inführ created  an ODT file with a white-colored hyperlink (so it can't be seen) that has an "onmouseover" event to trick victim
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.