LibreOffice Vulnerable to Code Execution in URL Mouseover Preview Feature
Researcher Alex Inführ discovered that LibreOffice 6.1.0-6.1.3.1 is susceptible to a code injection attack if a user hovers their mouse over a malicious URL.
Background
Researcher Alex Inführ disclosed a LibreOffice vulnerability (CVE-2018-16858) in versions 6.1.0-6.1.3.1 which shows that code injection is possible on both Linux and Windows versions when a user hovers their mouse over a malicious URL.
Update: Tenable Research was able to confirm that this vulnerability is also exploitable on macOS by editing the Proof of Concept (PoC) code.
분석
While this vulnerability does require user interaction, an OpenDocument Text (ODT) file containing a malicious URL is not likely to be flagged by most corporate security defenses. There isn’t any malicious code or otherwise altered elements to the document. It wouldn’t be seen as malware, and the text can be changed to the same color as the document background to make it invisible to the average user.
Furthermore, when the vulnerability is exploited, it doesn’t generate a warning dialogue of any kind. As soon as the user hovers over the malicious URL, the code is executed immediately. The current Still (Stable) Branch of LibreOffice (6.0.7) is not susceptible to this vulnerability.
Below is the researcher’s Proof of Concept video demonstrating an invisible URL opening a command prompt on the vulnerable version:
Solution
LibreOffice addressed this vulnerability in release 6.1.3.2, and upgrading to that version or later should mitigate the vulnerability.
Identifying affected systems
A list of Nessus plugins to identify this vulnerability can be found here as they're released.
Get more information
- Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
- Latest Versions of LibreOffice
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 60-day trial of Tenable.io Vulnerability Management.
관련 기사
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
May 14, 2024Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
May 9, 2024Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
May 14, 2024Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
Tenable Cloud Security Study Reveals a Whopping 95% of Surveyed Organizations Suffered a Cloud-Related Breach Over an 18-Month Period
May 14, 2024The finding from the Tenable 2024 Cloud Security Outlook study is a clear sign of the need for proactive and robust cloud security. Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud infrastructure and the tools they use to measure success.
- Vulnerability Management