Vulnerability Of LibreOffice Can Hack Your System, Just By Opening a Document In LibreOffice
By Prempal Singh
If you are using LibreOffice, “Be extra careful”.
By opening a document file in LibreOffice, can hack your system.
That’s because LibreOffice comprises an extreme unpatched code execution vulnerability that would execute malware into your system as swiftly as you open a maliciously formed doc file.
LibreOffice is one the most usable and open source similar to Microsoft Office suite, it is compatible with three OS Windows, Linux, Mac.
CVE-2019-9848: This vulnerability, resides in LibreLogo, LibreOffice allows users to specify pre-installed scripts are executable on various events like mouse-over, etc.LibroLogo of LibreOffice is a programmable invert vector graphics script, the flaw could allow an attacker to frame a malicious doc file that can be manipulated to execute arbitrary python commands silently without any warning displaying on the target user.
CVE-2019-9849: This vulnerability is because LibreOffice has a ‘stealth mode’ that could allow the exclusion of remote arbitrary content within a document. by default, the stealth mode is disabled, but users can enable it to instruct documents retrieve remote resources only from trusted locations. A flaw existed where bullet graphics were omitted.
This issue affects the Document Foundation LibreOffice versions prior to 6.2.5
How to Protect Your System
Users are recommended to update or reinstall the software without the LibreLogo component, for avoiding the same, you can follow these steps.
- Open the setup to start the installation
- Select “Custom” installation
- Expand “Optional Components”
- Click on “LibreLogo” and by selecting this feature will not be available
- Click Next and then Install the software