CIS CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Vulnerability in Apache OpenOffice and LibreOffice Could Allow Remote Code Execution
A vulnerability has been discovered in LibreOffice and Apache OpenOffice which could allow for remote code execution. Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged-on user and allow for the execution of arbitrary code.
There are currently no reports of this vulnerability being exploited in the wild.
- Apache OpenOffice 4.1.1 and prior
- LibreOffice versions other than 4.3.7 and 4.4.2
- Large and medium government entities:High
- Small government entities:High
- Large and medium business entities:High
- Small business entities:High
Home users: High
A vulnerability in OpenOffice and LibreOffice Hangul Word Processor (HWP) filters has been confirmed by each vendor. This vulnerability could be exploited by opening a specially crafted HWP formatted document (“.hwp”) via an e-mail attachment. When a user running a vulnerable version of the product opens a HWP document, malicious code could then be executed.
Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend the following actions be taken:
- LibreOffice users should update to the latest version of LibreOffice after appropriate testing.
- OpenOffice is anticipating a fix in version 4.1.2, not yet released, but offers a workaround solution. Refer to the Apache OpenOffice advisory referenced below.
- Run all software as a non-privileged user to diminish effects of a successful attack.
- Remind users not to click links or open attachments from unknown sources, or to click links without verifying the intended destination.