Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 博客

订阅

LibreOffice Vulnerable to Code Execution in URL Mouseover Preview Feature

Researcher Alex Inführ discovered that LibreOffice 6.1.0-6.1.3.1 is susceptible to a code injection attack if a user hovers their mouse over a malicious URL.

背景

Researcher Alex Inführ disclosed a LibreOffice vulnerability (CVE-2018-16858) in versions 6.1.0-6.1.3.1 which shows that code injection is possible on both Linux and Windows versions when a user hovers their mouse over a malicious URL.

Update: Tenable Research was able to confirm that this vulnerability is also exploitable on macOS by editing the Proof of Concept (PoC) code.

分析

While this vulnerability does require user interaction, an OpenDocument Text (ODT) file containing a malicious URL is not likely to be flagged by most corporate security defenses. There isn’t any malicious code or otherwise altered elements to the document. It wouldn’t be seen as malware, and the text can be changed to the same color as the document background to make it invisible to the average user.

Furthermore, when the vulnerability is exploited, it doesn’t generate a warning dialogue of any kind. As soon as the user hovers over the malicious URL, the code is executed immediately. The current Still (Stable) Branch of LibreOffice (6.0.7) is not susceptible to this vulnerability.

Below is the researcher’s Proof of Concept video demonstrating an invisible URL opening a command prompt on the vulnerable version:

解决方案

LibreOffice addressed this vulnerability in release 6.1.3.2, and upgrading to that version or later should mitigate the vulnerability.

识别受影响的系统

A list of Nessus plugins to identify this vulnerability can be found here as they're released.

获取更多信息

加入 Tenable Community 中的 Tenable 安全响应团队

了解有关 Tenable 这款首创 Cyber Exposure 平台的更多信息,全面管理现代攻击面。

Get a free 60-day trial of Tenable.io Vulnerability Management.

相关文章

您可加以利用的网络安全新闻

输入您的电子邮件,绝不要错过 Tenable 专家的及时提醒和安全指导。