Cure53 company specialist Alex Inführ warned that the patch for the recently fixed vulnerability in…
“Bypassed successfully the fix of CVE-2019-9848 in LibreOffice 6.2.5. It’s time to write a new email”, — wrote Alex Inführ on Twitter
It is worth noting that this was not a trivial issue: to exploit a bug related to the LibreLogo component, the victim only had to open a malicious document in LibreOffice, which could entail code execution.
As it turned out now, Infour was not the only one who managed to circumvent the initial fix for CVE-2019-9848. So, in LibreOffice 6.2.6 / 6.3.0, two options for bypassing the patch were fixed right away:
Read also: The patch for vulnerability in LibreOffice was ineffective
Another problem fixed with the release of LibreOffice 6.2.6 / 6.3.0 was associated with a bypass patch for the vulnerability CVE-2018-16858, fixed in February of this year. Information security specialist Nils Emmerich discovered that an attack on a directory bypass is still possible, regardless of the patch. So, the malicious document could still execute an arbitrary script from an arbitrary location in the victim’s file system.
“Macros shipped with LibreOffice are executed without prompting the user, even on the highest macro security setting. So, if there would be a system macro from LibreOffice with a bug that allows to execute code, the user would not even get a prompt and the code would be executed right away, — Nils Emmerich reported about the bug.
News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…
Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…
News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…
Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…
News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…
Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…