Friday, December 13, 2024

Update Now: LibreOffice fixes a critical macro issue

Date:

With a concise security notice LibreOffice warns about a security issue: LibreOffice can execute arbitrary commands as soon as you open an ODT file. No more questions or yellow bars with warnings that you would have to click. Boom!

When you think of macros, you really think of Microsoft Office, where cybercriminals have been using its capabilities for years to infect systems on a large scale. But LibreOffice also masters macros. And if you cleverly embed it in an HTML element, LibreOffice will launch it right on startup without any further prompts or warnings. is enough for that apparentlySomething like

<iframe src='macro:Shell("whatever")'></iframe>

write to file for whatever run. In Heise Security tests, this worked on a Mac; Windows and Linux versions are also likely to be affected by this issue (CVE-2022-3140) (although the advisory is silent on OS versions). Only LibreOffice versions 7.3.6 and 7.4.1 introduce additional checks and display a warning about macros instead. LibreOffice users should update their installation as soon as possible.


(Yes)

to the home page

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:

Popular

More like this
Related

Practice Acrylic Nail Techniques Without Needing a Fake Hand

When you're starting your journey with acrylic nails, practice...

Inside the World of Common Snapping Turtles: Behavior and Habitat

The common snapping turtle (Chelydra serpentina) is one of...

How to Use Video Marketing to Promote B2C Products?

Video marketing has emerged as a powerful tool for...

Adapting to Change: The Future for Leopard Tortoise Environments

Leopard tortoises, known for their striking spotted shells and...