Severe Security Flaws in LibreOffice

  • CERT Admin
  • Mon Aug 19 2019
  • Alerts

Systems Affected 

LibreOffice versions below 6.2.6

Threat Level

High

Overview 

An Attacker could craft a malicious document that can silently execute arbitrary python commands (CVE-2019-9851, CVE-2019-9850, CVE-2019-9852).

Description 

  ✦  CVE-2019-9850: Discovered by Alex Infuhr, the vulnerability in LibreOffice exists due to insufficient URL validation that allows malicious attackers to bypass the protection added to patch CVE-2019-9848 and again trigger calling LibreLogo from script event handlers.
  ✦  CVE-2019-9851: Discovered by Gabriel Masei, this flaw resides in a separate feature where documents can specify pre-installed scripts, just like LibreLogo, which can be executed on various global script events such as document-open, etc.
  ✦  CVE-2019-9852: Discovered by Nils Emmerich of ERNW Research GmbH, a URL encoding attack could allow attackers to bypass patch for directory traversal attack.

By using above vulnerabilities an attacker could send a crafted document to users and then silently execute malicious commands on the system.

Impact 

  ✦  Execute arbitrary code
  ✦  Data modifications

Solution/ Workarounds 

  ✦  Apply LibreOffice latest patch 6.2.6/6.3.0

References 

  ✦  https://thehackernews.com/2019/08/libreoffice-patch-update.html

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind.
 

Last updated: Mon Aug 19 2019