Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
SEVERITY: Medium
CATEGORY: Vulnerability
Analysis Summary
By tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded, it is possible to launch a directory traversal attack executing a python method from a script in any arbitrary file system location. Exploiting CVE-2018-16858, it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event. On further analysis, researchers found out that under certain circumstances it is not only possible to specify the function you want to call inside a python script, but passing parameters is also a possibility.
In the fixed versions, access is restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install.
Impact
Remote Code Execution
Affected Products
LibreOffice
OpenOffice
Remediation
While LibreOffice has been fixed with the release of LibreOffice 6.0.7/6.1.3, update to the fixed versions. OpenOffice is still awaiting a fix. Meanwhile, it is possible to remove or rename the pythonscript.py file in the installation folder to disable the support for python.