Since 2010, LibreOffice has been continuously refactoring its code, some of which dates to the nineties, allowing the project to add more features easily and overcome technical barriers. On the contrary, OpenOffice has a Coverity score of 94 bugs / 100,000 lines of code (10,500 unfixed bugs).

The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific Python library bundled with the software using a hidden onmouseover event.

To exploit this vulnerability, Inführ created an ODT file with a white-colored hyperlink (so it can't be seen) that has an "onmouseover" event, which tricks victims into executing a locally available Python file on their system when they place their mouse anywhere on the invisible hyperlink.

According to the researcher, the Python file, named "pydoc.py," which comes included with LibreOffice's own Python interpreter, accepts arbitrary commands in one of its parameters and executes them through the system's command line or console.

Inführ provided a proof-of-concept (PoC) video demonstration showing how he was able to trick the event into calling a specific function within a Python file, which eventually executed the researcher's payload through the Windows command line (cmd) without showing any warning dialog to the user.