{"id":14514,"date":"2019-02-06T16:10:03","date_gmt":"2019-02-07T00:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/02\/06\/news-8264\/"},"modified":"2019-02-06T16:10:03","modified_gmt":"2019-02-07T00:10:03","slug":"news-8264","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/02\/06\/news-8264\/","title":{"rendered":"New critical vulnerability discovered in open-source office suites"},"content":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Wed, 06 Feb 2019 17:16:50 +0000<\/strong><\/p>\n

A great number of attack techniques these days are using Microsoft Office documents to distribute malware. In recent years, there has been serious development on document exploit kit builders<\/a>, not to mention the myriad of tricks<\/a> that red-teamers have come up with to bypass security solutions.<\/p>\n

In contrast to drive-by downloads that require no user interaction, document-based attacks usually incorporate some kind of social engineering component. From being lured into opening up an attachment to enabling the infamous macros, attackers are using all sorts of themes and spear phishing techniques to infect their victims.<\/p>\n

While Microsoft Office gets all of the attention, other productivity software suites have been exploited before. We recall the\u00a0Hangul Office Suite<\/a>, which is popular in South Korea and was used by threat groups in targeted attacks<\/a>.<\/p>\n

Today we look at a vulnerability in LibreOffice, the free and open-source office suite, and OpenOffice (now Apache OpenOffice) available for Windows, Mac, and Linux. The bug (CVE-2018-16858<\/a>) was discovered by Alex Inf\u00fchr<\/a>, who responsibly disclosed it and then published the results with an accompanying proof of concept on his blog<\/a>.<\/p>\n

\"\"<\/a><\/p>\n

Proof of concept code exploiting the vulnerability and launching the calculator<\/p>\n<\/div>\n

An attacker could take advantage of this bug to execute remote code, which could lead to compromising the system. The flaw uses a mouseover event, which means the user would have to be tricked into placing their mouse over a link within the document. This triggers execution of a Python file (installed with LibreOffice) and allows parameters to be passed and executed.<\/p>\n

We tested several proof of concepts shared by John Lambert<\/a>.\u00a0 The process flow typically goes like this: soffice.exe -> soffice.bin -> cmd.exe -> calc.exe<\/strong><\/em><\/p>\n

\"\"<\/a><\/p>\n

The vulnerability has been patched in LibreOffice but not in Apache OpenOffice\u2014yet. Malwarebytes<\/a> users were already protected against it without the need for a detection update.<\/p>\n

Time will tell if this vulnerability ends up being used in the wild. It’s worth noting that not everyone uses Microsoft Office, and threat actors could consider it for targeting specific victims they know may be using open-source productivity software.<\/p>\n

The post New critical vulnerability discovered in open-source office suites<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Wed, 06 Feb 2019 17:16:50 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
A security researcher recently published a proof of concept exploit for open-source office software LibreOffice and OpenOffice. Will this new vulnerability be used in the wild? <\/p>\n

Categories: <\/p>\n