A new vulnerability is lurking in unpatched versions of LibreOffice and OpenOffice, making it possible for hackers to manipulate documents to make them look like they have been signed by a trusted source. Even though the vulnerability (CVE-2021-41832 in OpenOffice and CVE-2021-25635 in LibreOffice) is listed as moderate, it can lead to serious ramifications.
Digital signatures applied to document macros help users confirm a document's authenticity, and tampering with them could endanger an entire organization.
CVE-2021-41832 in OpenOffice; CVE-2021-25635 in LibreOffice
The OpenOffice vulnerability was discovered by security researcher Dave Fisher, who described it as “Apache OpenOffice: Content Manipulation with Certificate Validation Attack”. “It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11,” Fisher wrote.
LibreOffice’s vulnerability is identical. “An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person,” according to LibreOffice’s advisory.
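The failure mode the advisory describes (a signature whose algorithm the verifier does not recognise being presented as valid and trusted) comes down to a verifier that does not fail closed. The following Python is an added illustration, not LibreOffice or OpenOffice code: a toy verifier that models that decision pattern beside a fail-closed version. The HMAC-SHA256 stand-in for the signature primitive, the algorithm names, the "certificate" byte strings and the sample document are all constructed assumptions; real ODF signatures are XML-DSig with X.509 certificates.

```python
import hashlib
import hmac
from enum import Enum


# Constructed stand-in for the signature primitive: HMAC-SHA256 keyed with the
# signer's "certificate" bytes. Only the decision logic around algorithm
# dispatch matters for the point being shown.
def _hmac_sha256_check(cert: bytes, data: bytes, sig: bytes) -> bool:
    expected = hmac.new(cert, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


# Allowlist of signature algorithms this verifier knows how to check.
KNOWN_ALGORITHMS = {"hmac-sha256": _hmac_sha256_check}


class SignatureStatus(Enum):
    VALID_TRUSTED = "valid signature from a trusted signer"
    VALID_UNTRUSTED = "valid signature, signer not trusted"
    INVALID = "invalid or unverifiable signature"


def sign(document: bytes, cert: bytes, algorithm: str = "hmac-sha256") -> dict:
    """Produce a signature record; in this stand-in 'cert' doubles as the key."""
    return {"cert": cert, "algorithm": algorithm,
            "value": hmac.new(cert, document, hashlib.sha256).digest()}


def verify_vulnerable(document: bytes, signature: dict, trusted_certs: set) -> SignatureStatus:
    """Models the flawed pattern from the advisory (not the real code): an unknown
    algorithm leaves the status undecided and the fallback is the best case."""
    status = None
    checker = KNOWN_ALGORITHMS.get(signature["algorithm"])
    if checker is not None:
        if not checker(signature["cert"], document, signature["value"]):
            status = SignatureStatus.INVALID
        elif signature["cert"] in trusted_certs:
            status = SignatureStatus.VALID_TRUSTED
        else:
            status = SignatureStatus.VALID_UNTRUSTED
    # BUG: no branch handles an unknown algorithm, so it falls through to "trusted".
    return status if status is not None else SignatureStatus.VALID_TRUSTED


def verify_hardened(document: bytes, signature: dict, trusted_certs: set) -> SignatureStatus:
    """Fail closed: anything that cannot be positively verified is INVALID, and
    'trusted' requires both a verified signature and a trusted certificate."""
    checker = KNOWN_ALGORITHMS.get(signature["algorithm"])
    if checker is None:
        return SignatureStatus.INVALID
    if not checker(signature["cert"], document, signature["value"]):
        return SignatureStatus.INVALID
    if signature["cert"] in trusted_certs:
        return SignatureStatus.VALID_TRUSTED
    return SignatureStatus.VALID_UNTRUSTED


def run_scenarios() -> dict:
    """Three constructed cases; returns (vulnerable, hardened) status text per case."""
    trusted = {b"trusted-signer-cert"}  # constructed trust store
    doc = b"<office:document>quarterly report</office:document>"  # constructed
    cases = {
        "trusted signer": sign(doc, b"trusted-signer-cert"),
        "self-signed, untrusted": sign(doc, b"attacker-cert"),
        # The advisory's case: a self-signed document whose algorithm field was
        # edited afterwards to a name the verifier does not know.
        "self-signed, algorithm swapped": dict(sign(doc, b"attacker-cert"),
                                               algorithm="not-an-algorithm"),
    }
    return {name: (verify_vulnerable(doc, sig, trusted).value,
                   verify_hardened(doc, sig, trusted).value)
            for name, sig in cases.items()}


if __name__ == "__main__":
    for name, (vuln, hard) in run_scenarios().items():
        print(f"{name:32} vulnerable: {vuln:40} hardened: {hard}")
```

The contrast is in the third case: the flawed verifier reports the edited, self-signed document as a valid signature from a trusted signer, while the fail-closed verifier reports it as unverifiable. The design rule is that every path the verifier cannot positively check must map to the rejecting outcome, never to a default that happens to be the good one.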
How to protect against CVE-2021-41832, CVE-2021-25635 exploits
In terms of patching the issue, it is crucial to note that neither LibreOffice nor OpenOffice offers an auto-updating feature. Make sure you are running the latest versions so that you are protected: OpenOffice version 4.1.10 and later, and LibreOffice version 7.0.5 or 7.1.1 and later. You can download the latest versions from the official sources for each application.
In April 2021, security researchers reported multiple one-click vulnerabilities in several popular software apps, including LibreOffice and OpenOffice, allowing threat actors to perform arbitrary code execution attacks.