Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Hackers Can Exploit LibreOffice Flaw With RTF Files

The developers of the open source office suite LibreOffice informed users this week that they have patched a vulnerability which could allow attackers to execute arbitrary code using specially crafted RTF files.

The developers of the open source office suite LibreOffice informed users this week that they have patched a vulnerability which could allow attackers to execute arbitrary code using specially crafted RTF files.

The vulnerability, found by Cisco Talos researchers and tracked as CVE-2016-4324, affects the RTF parser in LibreOffice. The flaw can be exploited with an RTF document that contains both a stylesheet and a superscript token.

“A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be able to be used to execute arbitrary code,” Cisco said.

The attacker needs to somehow trick the targeted individual into opening a malicious RTF file in order to trigger the exploit. It’s not uncommon for cybercriminals to exploit RTF parser vulnerabilities in Microsoft Office to deliver malware and this flaw shows that such attacks are also possible against LibreOffice users.

The issue has been addressed with the release of LibreOffice 5.1.4. Cisco says there is no evidence that this vulnerability has been exploited in the wild, but users are advised to update their installations to protect themselves against potential attacks.

The developers of various Linux distributions are also analyzing the issue and some have already released package updates to patch the flaw.

This is the third vulnerability confirmed by LibreOffice developers this year. In February, The Document Foundation informed users that researchers from VeriSign’s iDefense Labs had identified a couple of memory corruption bugs that could have been exploited to cause a denial-of-service (DoS) condition using specially crafted Lotus Word Pro files.

Cisco Talos researchers recently identified flaws in many popular products, including the chat client PidginTrane thermostats, and the Lhasa, Libarchive and 7-Zip archivers.

Related Reading: Cisco Finds Backdoor Installed on 12 Million PCs

Related Reading: 3.2 Million Devices Exposed to Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.