CVE-2018-16858: Remote Code Execution Bug in LibreOffice
CYBER NEWS

CVE-2018-16858: Remote Code Execution Bug in LibreOffice

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Security researchers discovered a security flaw in LibreOffice and Apache OpenOffice, the free open source office software that is used on Windows, MacOS, and Linux operating systems.

Alex Inführ, a security researcher, unearthed a severe remote code execution flaw in both applications. The flaw, known as CVE-2018-16858, can be triggered simply by opening a maliciously-crafted ODT (OpenDocument Text) file.




Technical Overview of CVE-2018-16858

According to RedHat researchers:

It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

Inführ findings indicate that the Python file pydoc.py which is included in the LibreOffice’s own Python interpreter accepts arbitrary commands in one of its parameters, executing them through the system’s command line or console.

Related: Old Microsoft Office Feature Can Be Used to Launch Virus Attacks

The researcher also released a proof-of-concept video where he shows how he triggered the attack into calling a specific function within a Python file.

Apparently, the exploit should work on Linux, as well despite the initial test being done on a Windows machine. The of CVE-2018-16858 vulnerability was reported to LibreOffice and Apache OpenOffice on October 18, 2019. The flaw was fixed in LibreOffice with the release of LibreOffice 6.0.7/6.1.3. However, OpenOffice is still not patched.

It should be noted that RedHat assigned the vulnerability a CVE ID in November, and asked the researcher not to disclose the details of the proof-of-concept until January 31, 2019. The researcher revealed the exploit code on February 1, with Apache OpenOffice 4.1.6 still unpatched. Nonetheless, the researcher says the exploit code doesn’t affect OpenOffice.

“Openoffice does not allow to pass parameters; therefore, my PoC does not work but the path traversal can [still] be abused to execute a python script from another location on the local file system,” Inführ said.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...