News

LibreOffice developers fixed three vulnerabilities that allowed to bypass previous patches

The developers updated LibreOffice to versions 6.2.6 / 6.3.0, in which they fixed three serious vulnerabilities at once. These bugs allowed bypassing patches for other dangerous problems which specialists discovered earlier.

The problems with previous patches were reported last month. In particular, then Cure53 specialist Alex Inführ warned that the fix for the vulnerability CVE-2019-9848 can be bypassed.

“Bypassed successfully the fix of CVE-2019-9848 in LibreOffice 6.2.5. It’s time to write a new email”, — wrote Alex Inführ on Twitter

It is worth noting that this was not a trivial issue: to exploit a bug related to the LibreLogo component, the victim only had to open a malicious document in LibreOffice, which could entail code execution.

As it turned out now, Infour was not the only one who managed to circumvent the initial fix for CVE-2019-9848. So, in LibreOffice 6.2.6 / 6.3.0, two options for bypassing the patch were fixed right away:

Inführ
  1. CVE-2019-9850: Vulnerability discovered by Infur was due to insufficient URL checking. As a result, the attacker could bypass the patch and initiate a call to LibreLogo;
  2. CVE-2019-9851: a problem discovered by Gabriel Masei was related to a function due to which documents can use predefined scripts (such as LibreLogo) that can be executed on various global script events (opening a document and so on).

Read also: The patch for vulnerability in LibreOffice was ineffective

Another problem fixed with the release of LibreOffice 6.2.6 / 6.3.0 was associated with a bypass patch for the vulnerability CVE-2018-16858, fixed in February of this year. Information security specialist Nils Emmerich discovered that an attack on a directory bypass is still possible, regardless of the patch. So, the malicious document could still execute an arbitrary script from an arbitrary location in the victim’s file system.

“Macros shipped with LibreOffice are executed without prompting the user, even on the highest macro security setting. So, if there would be a system macro from LibreOffice with a bug that allows to execute code, the user would not even get a prompt and the code would be executed right away, — Nils Emmerich reported about the bug.

In fact, using these three vulnerabilities, an attacker could achieve the execution of any malicious commands on the target machine. And to implement the attack, it was enough just to force the user to open a malicious document.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

1 day ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

1 day ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

1 day ago