{"id":8486,"date":"2019-02-03T00:04:00","date_gmt":"2019-02-02T23:04:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=8486"},"modified":"2019-02-02T23:47:57","modified_gmt":"2019-02-02T22:47:57","slug":"remote-code-execution-vulnerability-in-libreoffice","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/02\/03\/remote-code-execution-vulnerability-in-libreoffice\/","title":{"rendered":"Remote Code Execution vulnerability in LibreOffice"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">LibreOffice has a remote code execution vulnerability (CVE-2018-16858) that can be exploited via macro\/event execution. A malicious ODT document may be used to trigger the vulnerability CVE-2018-16858. <\/p>\n<p><!--more--><\/p>\n<p>When we talk about Office vulnerabilities, we usually mean Microsoft and its products. Now it has hit the free office suite LibreOffice. The following tweet has just come to my attention. <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">CVE-2018-16858 &#8211; Remote Code Execution via Macro\/Event execution in LibreOffice (nothing is sacred anymore)<a href=\"https:\/\/t.co\/ZRXMyxeuGz\">https:\/\/t.co\/ZRXMyxeuGz<\/a> <a href=\"https:\/\/t.co\/PiqIrJqeaM\">pic.twitter.com\/PiqIrJqeaM<\/a><\/p>\n<p>\u2014 Catalin Cimpanu (@campuscodi) <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1091375832659099648?ref_src=twsrc%5Etfw\">1. Februar 2019<\/a><\/p><\/blockquote>\n<p><span id=\"preserve80980f8d761f46d5b5ab93d31719abc4\" class=\"wlWriterPreserve\"><SCRIPT charset=\"utf-8\" src=\"https:\/\/platform.twitter.com\/widgets.js\" async><\/SCRIPT><\/span> <\/p>\n<p>Someone took a look at LibreOffice and discovered a way to execute code remotely. 
Remote code execution is possible when a user opens a malicious ODT file and moves the mouse over the document. The code is then executed without triggering a warning dialog.<\/p>\n<p>The approach and the vulnerability are described in <a href=\"https:\/\/insert-script.blogspot.com\/2019\/02\/libreoffice-cve-2018-16858-remote-code.html\" target=\"_blank\">this blog post<\/a>. That post discusses the vulnerability in the context of Windows, but CVE-2018-16858 can be exploited in the same way under Linux.<\/p>\n<p>Tested LibreOffice version: 6.1.2.1 (6.0.x doesn't allow parameter passing)<br \/>Tested operating systems: Windows + Linux (both affected)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>LibreOffice has a remote code execution vulnerability (CVE-2018-16858) that can be exploited via macro\/event execution. A malicious ODT document may be used to trigger the vulnerability CVE-2018-16858.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,580,1547],"tags":[1004,69],"class_list":["post-8486","post","type-post","status-publish","format-standard","hentry","category-office","category-security","category-software","tag-libreoffice","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=8486"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/8486\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media
?parent=8486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=8486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=8486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}