Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Free Micropatch for Critical Zero-Day Flaw in OpenOffice Now Available

The AchieVer

By The AchieVer
in Software News

Recommended Posts

The AchieVer

The AchieVer

Posted
Posted

Free Micropatch for Critical Zero-Day Flaw in OpenOffice Now Available 

A zero-day vulnerability that was recently discovered in LibreOffice and OpenOffice is finally fixed in both Office productivity suites after a micropatch for the latter was published by 0patch.

A zero-day vulnerability that was recently discovered in LibreOffice and OpenOffice is finally fixed in both Office productivity suites after a micropatch for the latter was published by 0patch.

The bug in LibreOffice was fixed earlier this month with a security update released by The Document Foundation.

Today’s micropatch is available free of charge but is only offered to Windows devices. Linux systems running OpenOffice remain vulnerable to exploits until an official patch is published.Vulnerability already fixed in LibreOffice, no sign of OpenOffice patchThe Remote Code Execution (RCE) flaw was discovered by researcher Alex Inführ who noted that attackers can simply rely on a malicious document that includes a Python to take advantage of mouse-hover actions for macros.

This way, attackers can technically run code on target systems without users doing nothing more than moving the mouse cursor within a document, all without the triggered actions being noticeable.

“Openoffice does not allow to pass parameters therefore my PoC does not work but the path traversal can be abused to execute a python script from another location on the local file system,” the researcher noted in his vulnerability disclosure.

The micropatch published by 0patch can only be installed for OpenOffice for Windows version 4.1.6. 0patch also rolled out two different micropatches for 32-bit and 64-bit versions of LibreOffice 6.1.2.1.

To deploy the micropatch and resolve the vulnerability in OpenOffice, you first need to install the 0patch Agent from 0patch.com. It’s available free of charge and it doesn’t require a system reboot.

In the meantime, it’s not yet known when an official patch for the OpenOffice bug would be released, but should you decide not to rely on this micropatch to block potential exploits, just make sure you do not open documents coming from sources you don’t trust.
 
 
Link to comment
Share on other sites
  • Views 373
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...