![]() The researcher then exploited a separate weakness that allowed him to pass parameters of his choice to the command. That allowed Inführ to invoke the cmd command on the vulnerable computer. The chief vulnerability exploited is a path traversal that allowed the attack code to move out of its current directory and into one that contained a sample Python script that LibreOffice installed by default. On Wednesday, researcher John Lambert provided additional PoC samples. The only interaction that was required was that the target user hover over an invisible link with a mouse. ![]() Read honest and unbiased product reviews from our users. His disclosure included a proof-of-concept exploit that successfully executed commands on computers running what was then a fully patched version of LibreOffice. Find helpful customer reviews and review ratings for Office Suite 2021 Compatible with Microsoft Off2013 Powered by Apache OpenOffice on USB with Lifetime License for Windows 10 8.1 8 7 Vista XP 32 64-Bit PC, macOS & Mac OS X at. ![]() A similar flaw in Apache OpenOffice remains unfixed.Īustrian researcher Alex Inführ publicly reported the vulnerability on Friday, shortly after it was fixed in LibreOffice. LibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |