REWTERZ THREAT Advisory – LibreOffice and OpenOffice Remote Code Execution Vulnerability

Wednesday, February 6, 2019


CATEGORY: Vulnerability

Analysis Summary

By tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded, it is possible to launch a directory traversal attack executing a python method from a script in any arbitrary file system location. Exploiting CVE-2018-16858, it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event. On further analysis, researchers found out that under certain circumstances it is not only possible to specify the function you want to call inside a python script, but passing parameters is also a possibility.

In the fixed versions, access is restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install.


Remote Code Execution

Affected Products




While LibreOffice has been fixed with the release of LibreOffice 6.0.7/6.1.3, update to the fixed versions. OpenOffice is still awaiting a fix. Meanwhile, it is possible to remove or rename the file in the installation folder to disable the support for python.

Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 12, February 2019 Rewterz Threat Alert – Phishing Campaign Targeting Bank Employees in Pakistan, Forging Zimbra
  • 11, February 2019 Rewterz Threat Alert -Malware Campaign Hides Ransomware in Super Mario Wrapper
  • 11, February 2019 Rewterz Threat Alert – New Linux coin miner kills competing malware to maximize profits
  • 8, February 2019 Rewterz Threat Advisory -CVE-2018-11803 – Apache Subversion Denial of Service Vulnerability

Copyright © Rewterz. All rights reserved.