A Vulnerability in LibreOffice Could Allow for Arbitrary Command Execution

MS-ISAC ADVISORY NUMBER:

2019-098

DATE(S) ISSUED:

09/26/2019

OVERVIEW:

A vulnerability has been discovered in LibreOffice, which could allow for arbitrary command execution. LibreOffice is an open-source office suite providing word processing, slides, and spreadsheets. Successful exploitation of this vulnerability will enable the attacker to perform command execution in the context of the user running the affected application. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

There is proof-of-concept code available for this vulnerability.

SYSTEMS AFFECTED:

  • LibreOffice 6.2 versions prior to 6.2.7
  • LibreOffice 6.3 versions prior to 6.3.1
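
A triage sketch for the version ranges listed above, added here as an example and not part of the advisory. The tab-separated inventory format, host names and sample lines are constructed; branches other than 6.2 and 6.3 are reported as not listed rather than assumed safe.

```python
import re

# First fixed release per branch, taken from the SYSTEMS AFFECTED list.
FIXED = {(6, 2): (6, 2, 7), (6, 3): (6, 3, 1)}

# Matches 3- or 4-component versions such as 6.2.5 or 6.2.5.2.
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:\.\d+)?")


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    m = _VERSION.search(version_text)
    if not m:
        return "unparsed"  # no version found: needs manual follow-up
    major, minor, patch = (int(g) for g in m.groups())
    fixed = FIXED.get((major, minor))
    if fixed is None:
        # The advisory names only the 6.2 and 6.3 branches.
        return "not-listed"
    return "affected" if (major, minor, patch) < fixed else "fixed"


def triage(inventory_text):
    """Map 'host<TAB>version output' lines to {host: status}."""
    result = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition("\t")
        result[host.strip()] = classify(version_text)
    return result


# Constructed sample inventory (not real hosts or real scan output).
SAMPLE = (
    "ws-01\tLibreOffice 6.2.5.2\n"
    "ws-02\tLibreOffice 6.2.7.1\n"
    "ws-03\tLibreOffice 6.3.0.4\n"
    "ws-04\tLibreOffice 6.3.1.2\n"
    "ws-05\tLibreOffice 6.1.6.3\n"
    "ws-06\tsoffice: command not found\n"
)

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `not-listed` or `unparsed` still need a manual check against the vendor's own advisory.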

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM
Home Users: LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in LibreOffice, which could allow for arbitrary command execution. LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. Protection was added to block calling LibreLogo from script event handlers; however, a Windows 8.3 path equivalence handling flaw left LibreOffice vulnerable to documents executing LibreLogo via a Windows filename pseudonym. Successful exploitation of this vulnerability will enable the attacker to perform command execution in the context of the user running the affected application. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches or appropriate mitigations provided by LibreOffice to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.
