The researcher then exploited a separate weakness that allowed him to pass parameters of his choice to the command. RT AnnyAllerton: Patch Alert A flaw in LibreOffice & ApacheOO OpenOffice allows crooks to make documents appear to be signed by a trusted source - update to. That allowed Inführ to invoke the cmd command on the vulnerable computer. The chief vulnerability exploited is a path traversal that allowed the attack code to move out of its current directory and into one that contained a sample Python script that LibreOffice installed by default. Of course, if you start using them extensively, you. Esto te permite editar textos, diseñar presentaciones y crear tablas en tu entorno de trabajo diario. Tanto con LibreOffice como con OpenOffice, obtienes una alternativa a MS Office que ofrece las funcionalidades básicas de Microsoft 365. Unfortunately, the similarities fade away as you look for various features, user interface, file format compatibility, export capabilities, and other characteristics. Conclusión: la utilidad es el factor decisivo para elegir entre LibreOffice u OpenOffice. On Wednesday, researcher John Lambert provided additional PoC samples. LibreOffice and OpenOffice are capable enough to open various file formats that include Microsoft’s DOCX, PPT, and more. It provides a defense against memory safety bugs but does not eliminate other. Exploiting the bug would allow an adversary to spoof digital signatures in signed documents as a valid signature. For OpenOffice, that would be 4.1.10 and later, and for LibreOffice, 7.0.5 or 7.1.1 and later. The only interaction that was required was that the target user hover over an invisible link with a mouse. LibreOffice, OpenOffice Vulnerability Patched. ![]() His disclosure included a proof-of-concept exploit that successfully executed commands on computers running what was then a fully patched version of LibreOffice. A similar flaw in Apache OpenOffice remains unfixed.Īustrian researcher Alex Inführ publicly reported the vulnerability on Friday, shortly after it was fixed in LibreOffice. LibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. If updating to the latest version is not possible for any reason, you can always opt to completely disable the macro features on your office suite, or avoid trusting any documents containing macros.Lisa Brewster / Flickr reader comments 133 with If you're using Linux and the aforementioned versions aren't available on your distribution's package manager yet, you are advised to download the 'deb', or 'rpm' package from the Download center or build LibreOffice from source. Since neither of these two applications offer auto-updating, you should do it manually by downloading the latest version from the respective download centers - LibreOffice, OpenOffice. ![]() ![]() ![]() If you're using either of the open-source office suites, you're advised to upgrade to the latest available version immediately. The same flaw impacts LibreOffice, which is a fork of OpenOffice spawned from the main project over a decade ago, and for their project is tracked as CVE-2021-25635. BleepingComputer reports: The discovery of the flaw, which is tracked as CVE-2021-41832 for OpenOffice, was the work of four researchers at the Ruhr University Bochum. Although the severity of the flaw is classified as moderate, the implications could be dire. To fix the vulnerabilities, current versions of The Document Foundation (7.2.1) and Apache (4.1.11) are available for download. LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. By exploiting the vulnerabilities, the attacker is able to manipulate data to make it appear to have been signed by a trusted source.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |