Your computer can be hacked after opening a document in LibreOffice
Are you using LibreOffice?
If you are using or intending to use LibreOffice, you should be very careful about open files with this software in the near future.
LibreOffice is a free office suite developed by The Document Foundation, well compatible with other office suites and can run on many different operating systems.
- Be wary of disguised Microsoft OneNote Audio phishing emails
LibreOffice is a very popular free office software suite around the world
Due to its usability and stable operation on many different operating system platforms, LibreOffice is very popular and widely used all over the world. However, according to the warning of many reputable security groups, LibreOffice currently contains an unpatched code execution vulnerability, which may allow an attacker to stealthily install malware on his system. You are right after the malicious document file is opened through this free office suite.
According to statistics, LibreOffice is currently one of the most popular open source alternatives for Microsoft Office office applications, and can work perfectly and is available for Windows, Linux and macOS systems.
- Your Linux system can be hacked just by opening a file in Vim or Neovim Editor
Earlier this month, LibreOffice released the latest version: 6.2.5, to completely resolve two serious system vulnerabilities (tracking identifier: CVE-2019-9848 and CVE-2019-9849). However, this patch contains another problem that is equally bad.
Security researcher Alex Inführ was the first to discover LibreOffice problems after installing the new version. Some current issues on LibreOffice have been explained as follows:
CVE-2019-9848: This vulnerability - somehow - still exists in the latest version of the LibreOffice toolkit and is currently in LibreLogo, a programmable vector graphics script, attached. default with LibreOffice.
LibreLogo allows users to specify preinstalled scripts in a document that can be executed on many different events, such as when hovering over.
- Microsoft warned about malicious spam campaigns using vulnerabilities in Office and Wordpad
LibreLogo allows users to specify preinstalled scripts in a document
This vulnerability was first discovered by information security engineer Nils Emmerich. Accordingly, it could allow an attacker to create a malicious document, able to silently execute arbitrary python commands without displaying any warning or signaling to the victim.
Emmerich also provides some conceptual evidence regarding the attacks based on this vulnerability on personal blogs, which you can refer to at the following address: https://insinuator.net/2019/07/ libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848 /
CVE-2019-9849: This vulnerability can now be overcome by installing the latest update (6.2.5), which allows remote attackers to insert arbitrary content into archived documents. Your system, even if you have activated 'stealth mode' (stealth mode).
Invisibility mode is not enabled by default, but users can activate it to guide documents that only take resources from remote locations trusted.
- Microsoft Azure is being used to host malware and C2 servers
How to protect the system against these dangerous vulnerabilities?
Disabling LibreLogo is the most effective situation plan at the moment
Issues with the new LibreOffice update have now been announced by Alex Inführ to the technical department of the application. However, until the LibreOffice team releases additional bug fixes, users are advised to update or reinstall the software without macros, or at least no LibreLogo component, by following Some steps are mentioned below:
- Step 1: Start the installation process
- Step 2: Select the 'Custom' setting
- Step 3: Click on the "Optional Components" extension.
- Step 4: Click "LibreLogo" and select "This Feature Will Not Be Available" (This feature will not be available).
- Step 5: Click 'Next' and then select 'Install the software'.
You should read it
- ProFTPD remote code execution vulnerability affects more than 1 million servers worldwide
- Dell computers became victims of RCE attacks by vulnerabilities in SupportAssist
- Warning: Jenkins exists a serious security hole that helps hackers gain control of computers of many Vietnamese businesses
- Microsoft releases important OOB security updates for Microsoft Office
- Google found 7 security bugs on the famous network software Dnsmasq
- Many serious vulnerabilities have been discovered that allow attackers to take full control of the 4G router
- Learn about SQL Injection and how to prevent it
- Detect dangerous security holes affecting many D-Link routers
- Your Linux system can be hacked just by opening a file in Vim or Neovim Editor
- Detects code execution vulnerabilities in WinRAR, noting more than 100 infringement cases
- Top 5 most dangerous remote execution vulnerabilities in early 2020, some even automatically infect other computers without users knowing.
- Serve a serious flaw in Avast Desktop Antivirus Windows application
Maybe you are interested
Why use LibreOffice instead of Microsoft 365?
How to install LibreOffice on Ubuntu, Linux Mint
3 ways to customize menus and toolbars in LibreOffice
How to set up LibreOffice Writer to run like Microsoft Word
LibreOffice 7.2.2/7.1.6 , download LibreOffice 7.2.2/7.1.6 here
How to install the latest LibreOffice version on CentOS 8