OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
Just wondering if there has been any news about this vulnerability
https://www.bleepingcomputer.com/news/s ... e-patched/
Hopefully it gets patched.
https://www.bleepingcomputer.com/news/s ... e-patched/
Hopefully it gets patched.
OpenOffice 4.1.5 on Windows 7
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
To my knowledge no news regarding the reported vulnerability, but one of the easiest ways to keep that from happening is to not open any ODF (though the article specifically states ODT, which is the default extension for Writer documents), that you haven't written yourself.
Obviously this makes sharing files impossible, thus the other fairly secure option (though nothing is 100% secure) is to set the macro security level to Very High.
Macro security level is set via Tools -> Options -> OPenOffice -> Security -> Macro Security.
This area contains 4 options on the first tab, and a second tab where you can specify Trusted Sources.
Obviously this makes sharing files impossible, thus the other fairly secure option (though nothing is 100% secure) is to set the macro security level to Very High.
Macro security level is set via Tools -> Options -> OPenOffice -> Security -> Macro Security.
This area contains 4 options on the first tab, and a second tab where you can specify Trusted Sources.
OpenOffice 4.1.7, LibreOffice 7.0.1.2 on Windows 7 Pro, Ultimate & Windows 10 Home (2004)
If you believe your problem has been resolved, please go to your first post in this topic, click the Edit button and add [Solved] to the beginning of the Subject line.
If you believe your problem has been resolved, please go to your first post in this topic, click the Edit button and add [Solved] to the beginning of the Subject line.
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
Where can I download the proof of concept?
How can I use the Python runtime to start calc.exe (Windows calculator app) from macro context as demonstrated in the proof of concept video?
The description says that you can call macros in the global context without macro warning. This is true. But how to proceed from there?
How can I use the Python runtime to start calc.exe (Windows calculator app) from macro context as demonstrated in the proof of concept video?
The description says that you can call macros in the global context without macro warning. This is true. But how to proceed from there?
Please, edit this topic's initial post and add "[Solved]" to the subject line if your problem has been solved.
Ubuntu 18.04 with LibreOffice 6.0, latest OpenOffice and LibreOffice
Ubuntu 18.04 with LibreOffice 6.0, latest OpenOffice and LibreOffice
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
According to the bleepingcomputer article linked above, OpenOffice also allows running python-scripts from "anywhere" without macro warning, but it does not allow passing of parameters, a limitation which defeats the given proof-of-concept for LibreOffice. It is also claimed in the article that it is possible to craft an attack which would work against OpenOffice. Yet to be seen...user91 wrote:Just wondering if there has been any news about this vulnerability
https://www.bleepingcomputer.com/news/s ... e-patched/
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
The guy wrote it down here:Villeroy wrote:Where can I download the proof of concept?
https://insert-script.blogspot.com/2019 ... -code.html
OpenOffice 4.1.5 on Windows 7
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
If you can drop a Python file to a known place on the system you have full control anyways and the office suite is just a clumsier way to execute a Python script. by the way: there are lots of script events under Tools>Customize that do not require invisible hyperlinks with mouse-over events. Just call your script when loading the file or when loading any file.Alex Inführ wrote:To properly exploit this behavior, we need to find a way to load a python file we have control over and know its location.
If the solution to the problem implies that scripts are executed only in <profile>/Scripts/python/ then the attacker's solution is to drop his script right there.
Please, edit this topic's initial post and add "[Solved]" to the subject line if your problem has been solved.
Ubuntu 18.04 with LibreOffice 6.0, latest OpenOffice and LibreOffice
Ubuntu 18.04 with LibreOffice 6.0, latest OpenOffice and LibreOffice
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
This PoC does not work with AOO:
Fake news!
Fake news!
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
If you manage to drop a Python script in <user_profile>\Scripts\python you can execute anything you want with the help of a macro free office document.
Please, edit this topic's initial post and add "[Solved]" to the subject line if your problem has been solved.
Ubuntu 18.04 with LibreOffice 6.0, latest OpenOffice and LibreOffice
Ubuntu 18.04 with LibreOffice 6.0, latest OpenOffice and LibreOffice
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
How can you do this?Villeroy wrote:If you manage to drop a Python script in <user_profile>\Scripts\python
By default, this folder does not exist.
Re: OpenOffice 4.1.6 Vulnerability (CVE-2018-16858)
I guess if the attacker has access to that directory structure, it wouldn't be hard to do the equivalent of mkdir python - this is rather implicit from what Villeroy said above: "If you can drop a Python file to a known place on the system you have full control anyways"
Cheers
David
OS - Slackware 15 64 bit
Apache OpenOffice 4.1.15
LibreOffice 24.2.2.2; SlackBuild for 24.2.2 by Eric Hameleers
David
OS - Slackware 15 64 bit
Apache OpenOffice 4.1.15
LibreOffice 24.2.2.2; SlackBuild for 24.2.2 by Eric Hameleers