News

LibreOffice developers fixed three vulnerabilities that allowed to bypass previous patches

Photo of Daniel Zimmermann Daniel ZimmermannAugust 20, 2019
0 64 1 minute read

The developers updated LibreOffice to versions 6.2.6 / 6.3.0, in which they fixed three serious vulnerabilities at once. These bugs allowed bypassing patches for other dangerous problems which specialists discovered earlier.

The problems with previous patches were reported last month. In particular, then Cure53 specialist Alex Inführ warned that the fix for the vulnerability CVE-2019-9848 can be bypassed.

“Bypassed successfully the fix of CVE-2019-9848 in LibreOffice 6.2.5. It’s time to write a new email”, — wrote Alex Inführ on Twitter

It is worth noting that this was not a trivial issue: to exploit a bug related to the LibreLogo component, the victim only had to open a malicious document in LibreOffice, which could entail code execution.

As it turned out now, Infour was not the only one who managed to circumvent the initial fix for CVE-2019-9848. So, in LibreOffice 6.2.6 / 6.3.0, two options for bypassing the patch were fixed right away:

Inführ
Inführ
  1. CVE-2019-9850: Vulnerability discovered by Infur was due to insufficient URL checking. As a result, the attacker could bypass the patch and initiate a call to LibreLogo;
  2. CVE-2019-9851: a problem discovered by Gabriel Masei was related to a function due to which documents can use predefined scripts (such as LibreLogo) that can be executed on various global script events (opening a document and so on).

Read also: The patch for vulnerability in LibreOffice was ineffective

Another problem fixed with the release of LibreOffice 6.2.6 / 6.3.0 was associated with a bypass patch for the vulnerability CVE-2018-16858, fixed in February of this year. Information security specialist Nils Emmerich discovered that an attack on a directory bypass is still possible, regardless of the patch. So, the malicious document could still execute an arbitrary script from an arbitrary location in the victim’s file system.

“Macros shipped with LibreOffice are executed without prompting the user, even on the highest macro security setting. So, if there would be a system macro from LibreOffice with a bug that allows to execute code, the user would not even get a prompt and the code would be executed right away, — Nils Emmerich reported about the bug.

In fact, using these three vulnerabilities, an attacker could achieve the execution of any malicious commands on the target machine. And to implement the attack, it was enough just to force the user to open a malicious document.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannAugust 20, 2019
0 64 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Chrome extensions tracking the user

Chrome Extensions May Be Tracking the User on the Internet

June 21, 2022
Microsoft seized control of domains

Microsoft seized control of 42 domains of Chinese hack group Nickel

December 8, 2021
Hacker sex worker forums

Famous hacker through vulnerability in vBulletin crushed into forums for sex workers

October 12, 2019
Maze leaked data from Costa Rica

Maze ransomware operators leaked data on Costa Rica bank customers

May 26, 2020

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button