CVE-2021-41832: OpenOffice Flaw Could Cause Document Tampering

A new vulnerability is lurking in unpatched versions of LibreOffice and OpenOffice, making it possible for hackers to manipulate documents to make them look like they have been signed by a trusted source. Even though the vulnerability (CVE-2021-41832 in OpenOffice and CVE-2021-25635 in LibreOffice) is listed as moderate, it can lead to serious ramifications.




Digital signatures deployed in document macros serve to help users confirm the authenticity of a document, and tampering with them could endanger an entire organization.

CVE-2021-41832 in OpenOffice; CVE-2021-25635 in LibreOffice

The OpenOffice vulnerability was discovered by security researcher Dave Fisher, who described it as “Apache OpenOffice: Content Manipulation with Certificate Validation Attack”. “It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11,” Fisher wrote.

LibreOffice’s vulnerability is identical. “An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person,” according to LibreOffice’s advisory.

How to protect against CVE-2021-41832, CVE-2021-25635 exploits

When it comes to patching, note that neither LibreOffice nor OpenOffice offers an auto-updating feature. Make sure you are running a protected version: OpenOffice version 4.1.10 and later, and LibreOffice version 7.0.5 or 7.1.1 and later. You can download the latest versions from the official sources for each application.

In April 2021, security researchers reported multiple one-click vulnerabilities in several popular software apps, including LibreOffice and OpenOffice, allowing threat actors to perform arbitrary code execution attacks.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
