It’s 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer.No, I’m not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives—LibreOffice and Apache OpenOffice—free, open source office software used by millions of Windows, MacOS and Linux users.Security researcher Alex Inführ has discovered a severe remote code execution (RCE) vulnerability in these two open source office suites that could be triggered just by opening a maliciously-crafted ODT (OpenDocument Text) file.
The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific python library bundled within the software using a hidden onmouseover event.To exploit this vulnerability, Inführ created an ODT file with a white-colored hyperlink (so it can’t be seen) that has an “onmouseover” event to trick victims into executing a locally available python file on their system when placing their mouse anywhere on the invisible hyperlink.According to the researcher, the python file, named “pydoc.py,” that comes included with the LibreOffice’s own Python interpreter accepts arbitrary commands in one of its parameters and execute them through the system’s command line or console.PoC Exploit and Video Demo Released
Inführ provided a proof-of-concept (PoC) video demonstration showing how he was able to trick the event into calling a specific function within a Python file, which eventually executed the researcher’s payload through Windows command line (cmd) without showing any warning dialog to the user.[embedded content]
The researcher also released the PoC exploit code for the vulnerability and stressed that though he tested his exploit on Microsoft’s Windows operating system, it should work on Linux, as well.Inführ reported the vulnerability to LibreOffice and Apache OpenOffice on October 18 last year. While LibreOffice …