Thursday, March 28, 2024

Update Now: LibreOffice fixes a critical macro issue

Date:

With a concise security notice LibreOffice warns about a security issue: LibreOffice can execute arbitrary commands as soon as you open an ODT file. No more questions or yellow bars with warnings that you would have to click. Boom!

When you think of macros, you really think of Microsoft Office, where cybercriminals have been using its capabilities for years to infect systems on a large scale. But LibreOffice also masters macros. And if you cleverly embed it in an HTML element, LibreOffice will launch it right on startup without any further prompts or warnings. is enough for that apparentlySomething like

<iframe src='macro:Shell("whatever")'></iframe>

write to file for whatever run. In Heise Security tests, this worked on a Mac; Windows and Linux versions are also likely to be affected by this issue (CVE-2022-3140) (although the advisory is silent on OS versions). Only LibreOffice versions 7.3.6 and 7.4.1 introduce additional checks and display a warning about macros instead. LibreOffice users should update their installation as soon as possible.


(Yes)

to the home page

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:

Popular

More like this
Related

How to Sell CS:GO Skins for Real Money

CS:GO skins have become not just an ordinary design...

Decoding The Diversity: A Guide To Different Types Of Horse Races

Horse racing reaches 585 million households worldwide, enjoying immense...

Maximizing Efficiency: How Our Cloud Services Revolutionized Operations for Small Businesses

Small businesses constantly seek innovative solutions to streamline operations...

Big Data for Musicians: The Game Changer!

In the dynamic realm of the music industry, Viberate...