[German]There is a micro patch for the 0-day vulnerability CVE-2018-16858 in OpenOffice. And for the vulnerability (patched in LibreOffice by an update) there is a Proof of Concept (PoC).
LibreOffice RCE vulnerability CVE-2018-16858
In LibreOffice (and OpenOffice) there is a remote code execution vulnerability CVE-2018-16858, which I had briefly addressed in the blog post Remote Code Execution vulnerability in LibreOffice. This vulnerability has been fixed in LibreOffice 6.0.7/6.1.3 as you can read in this LibreOffice document. Now John Lambert from Microsoft Threat Intelligence Center points out a Proof of Concept (PcC) to exploit the vulnerability (in LibreOffice and OpenOffice)
Use LibreOffice? You might be interested in this PoC for CVE-2018-16858 (discovered by @insertScript) uploaded to VT as LibreOfficeExploit.fodt.
— John Lambert (@JohnLaTwC) 5. Februar 2019
The PoC was developed by Alex Inführ, a blogger from Austria. He also discovered the vulnerability and now published the approach for a PoC in the article Libreoffice (CVE-2018-16858) – Remote Code Execution via Macro/Event execution. If you use LibreOffice, you should update to version 6.0.7/6.1.3 as soon as possible.
A OpenOffice Micro-Patch for CVE-2018-16858
All versions of OpenOffice/LibreOffice have the CVE-2018-16858 vulnerability up to version 6.0.6/220.127.116.11. The vulnerability has received a CVSS3 base score of 7.8 (moderate) from Red Hat. While the developers in LibreOffice have closed it in versions 6.0.7/6.1.3, the OpenOffice developers do not lag behind with updates.
Note: the micropatch only applies to the latest version of OpenOffice for Windows (version 4.1.6). In addition to this micropatch, we also released two micropatches (32-bit and 64-bit) for the same issue in the latest vulnerable version of LibreOffice (version 18.104.22.168).
— 0patch (@0patch) 13. Februar 2019
For the Windows version of OpenOffice, 0patch has released a mico patch to close the vulnerability (see tweet above). Bleeping Computer has published some information here.