Security Flaw Found In Open Source Office Program LibreOffice

August 10, 2019

Written by wukovits

security flaw found in open source office program libreofficeDo you use LibreOffice? It’s an open source clone that’s functionally similar to Microsoft Office that has grown quite popular over the years. It is available for Windows, macOS and Linux systems.

While open-source software solutions generally have the reputation of being safer and more secure, they’re not immune to vulnerabilities.

Recently, a pair of serious un-patched code execution vulnerability has been discovered that could result in malware being installed on your system if you’re not careful. In order to take advantage of the flaw, a hacker would need to create a special “poisoned” LibreOffice document and use social engineering tricks to convince you to open it.

While the company behind LibreOffice moved quickly to patch their software, independent security researcher Alex Infuhr has reported that the patch only corrected one of the two issues.  In addition, he was able to find a way around the company’s fix for the second.

The first vulnerability resides in LibreLogo, which is a programmable vector graphics script that ships by default with LibreOffice.  It allows users to specify pre-installed scripts in a document that can be executed on various events, such as a click or even a mouse hover.

The second issue could allow the inclusion of remote, arbitrary content within a document, even when “Stealth Mode” is enabled.  Note, however, that stealth mode is not enabled by default, but users can activate it to instruct documents to retrieve remote resources only from trusted locations. This is the issue that LibreOffice tried to fix but Infuhr found a way around.

If you want to protect your system from this issue, the best thing you can do would be to manually disable the LibreLogo component by opening the setup to begin the installation, then:

  • Select “Custom” installation
  • Expand “Optional Components”
  • Click on “LibreLogo” and select “This Feature Will Not Be Available.”
  • Then click “Next” and install the software.

That should take care of it!

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...