The AchieVer

Free Micropatch for Critical Zero-Day Flaw in OpenOffice Now Available


A zero-day vulnerability that was recently discovered in LibreOffice and OpenOffice is finally fixed in both Office productivity suites after a micropatch for the latter was published by 0patch.


The bug in LibreOffice was fixed earlier this month with a security update released by The Document Foundation.

Today’s micropatch is available free of charge but is only offered to Windows devices. Linux systems running OpenOffice remain vulnerable to exploits until an official patch is published.

Vulnerability already fixed in LibreOffice, no sign of OpenOffice patch

The Remote Code Execution (RCE) flaw was discovered by researcher Alex Inführ who noted that attackers can simply rely on a malicious document that includes a Python to take advantage of mouse-hover actions for macros.

This way, attackers can technically run code on target systems without users doing anything more than moving the mouse cursor within a document, all without the triggered actions being noticeable.

“Openoffice does not allow to pass parameters therefore my PoC does not work but the path traversal can be abused to execute a python script from another location on the local file system,” the researcher noted in his vulnerability disclosure.

The micropatch published by 0patch can only be installed for OpenOffice for Windows version 4.1.6. 0patch also rolled out two different micropatches for 32-bit and 64-bit versions of LibreOffice 6.1.2.1.

To deploy the micropatch and resolve the vulnerability in OpenOffice, you first need to install the 0patch Agent from 0patch.com. It’s available free of charge and it doesn’t require a system reboot.

In the meantime, it’s not yet known when an official patch for the OpenOffice bug would be released, but should you decide not to rely on this micropatch to block potential exploits, just make sure you do not open documents coming from sources you don’t trust.
 
 
