![]() The vulnerability has been fixed in LibreOffice, but Apache is yet to release a security update to fix the vulnerability in OpenOffice. The bug was picked up and moved to a thread via The issue was verified and fixed quite fast,” the researcher described in his blog. So my bugzilla report got closed but I convinced them to have another look. Apparently, for security issues, it is better to send an email to but I did not know that. “At first I reported it via the libreoffice bugzilla system. Upon detection, the security researcher reported the bug via the LibreOffice Bugzilla system, but his Bugzilla report got closed. This triggers execution of a local Python file and even allows calling functions within the file and passing parameters for it. That might not sound objectionable, but the article linked above says '.you shouldn’t rely on the 'trusted list' functionality as an invalid signature algorithm could still make a laced document appear as it comes from a trusted source.' 25 level 2 jthill 3m You have complete control over the list of trusted sources.Once users hover their mouse pointer or place their mouse pointer over the link within the document, the exploit is triggered.The flaw is embedded in the link within the LibreOffice and Apache Office document.The vulnerability uses a mouseover event, which tricks users to hover the mouse over a link within the document. This vulnerability impacts LibreOffice versions 6.0.7 and later, and it affects Apache OpenOffice's latest version 4.1.6. ![]() The researcher who detected the vulnerability also published a Proof-of-Concept on his blog. This vulnerability could allow an attacker to remotely execute code and compromise the system. This vulnerability could allow an attacker to execute remote code and compromise the system.Ī security researcher Alex Inführ detected a critical vulnerability (CVE-2018-16858) in LibreOffice and Apache OpenOffice available for Windows, Mac, and Linux.A critical vulnerability (CVE-2018-16858) was detected in LibreOffice and Apache OpenOffice available for Windows, Mac, and Linux. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |