Your computer can be hacked after opening a document in LibreOffice

Are you using LibreOffice?

If you are using or intending to use LibreOffice, you should be very careful about open files with this software in the near future.

LibreOffice is a free office suite developed by The Document Foundation, well compatible with other office suites and can run on many different operating systems.

1. Be wary of disguised Microsoft OneNote Audio phishing emails

LibreOffice is a very popular free office software suite around the world

Due to its usability and stable operation on many different operating system platforms, LibreOffice is very popular and widely used all over the world. However, according to the warning of many reputable security groups, LibreOffice currently contains an unpatched code execution vulnerability, which may allow an attacker to stealthily install malware on his system. You are right after the malicious document file is opened through this free office suite.

According to statistics, LibreOffice is currently one of the most popular open source alternatives for Microsoft Office office applications, and can work perfectly and is available for Windows, Linux and macOS systems.

1. Your Linux system can be hacked just by opening a file in Vim or Neovim Editor

Earlier this month, LibreOffice released the latest version: 6.2.5, to completely resolve two serious system vulnerabilities (tracking identifier: CVE-2019-9848 and CVE-2019-9849). However, this patch contains another problem that is equally bad.

Security researcher Alex Inführ was the first to discover LibreOffice problems after installing the new version. Some current issues on LibreOffice have been explained as follows:

CVE-2019-9848: This vulnerability - somehow - still exists in the latest version of the LibreOffice toolkit and is currently in LibreLogo, a programmable vector graphics script, attached. default with LibreOffice.

LibreLogo allows users to specify preinstalled scripts in a document that can be executed on many different events, such as when hovering over.

1. Microsoft warned about malicious spam campaigns using vulnerabilities in Office and Wordpad

LibreLogo allows users to specify preinstalled scripts in a document

This vulnerability was first discovered by information security engineer Nils Emmerich. Accordingly, it could allow an attacker to create a malicious document, able to silently execute arbitrary python commands without displaying any warning or signaling to the victim.

Emmerich also provides some conceptual evidence regarding the attacks based on this vulnerability on personal blogs, which you can refer to at the following address: https://insinuator.net/2019/07/ libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848 /

CVE-2019-9849: This vulnerability can now be overcome by installing the latest update (6.2.5), which allows remote attackers to insert arbitrary content into archived documents. Your system, even if you have activated 'stealth mode' (stealth mode).

Invisibility mode is not enabled by default, but users can activate it to guide documents that only take resources from remote locations trusted.

1. Microsoft Azure is being used to host malware and C2 servers

How to protect the system against these dangerous vulnerabilities?

Disabling LibreLogo is the most effective situation plan at the moment

Issues with the new LibreOffice update have now been announced by Alex Inführ to the technical department of the application. However, until the LibreOffice team releases additional bug fixes, users are advised to update or reinstall the software without macros, or at least no LibreLogo component, by following Some steps are mentioned below:

1. Step 1: Start the installation process
2. Step 2: Select the 'Custom' setting
3. Step 3: Click on the "Optional Components" extension.
4. Step 4: Click "LibreLogo" and select "This Feature Will Not Be Available" (This feature will not be available).
5. Step 5: Click 'Next' and then select 'Install the software'.