Blog

Security Flaw Found In Open Source Office Program LibreOffice

Aug 10, 2019 | Blog

Do you use LibreOffice? It’s an open source clone that’s functionally similar to Microsoft Office that has grown quite popular over the years. It is available for Windows, macOS and Linux systems.

While open-source software solutions generally have the reputation of being safer and more secure, they’re not immune to vulnerabilities.

Recently, a pair of serious un-patched code execution vulnerability has been discovered that could result in malware being installed on your system if you’re not careful. In order to take advantage of the flaw, a hacker would need to create a special “poisoned” LibreOffice document and use social engineering tricks to convince you to open it.

While the company behind LibreOffice moved quickly to patch their software, independent security researcher Alex Infuhr has reported that the patch only corrected one of the two issues.  In addition, he was able to find a way around the company’s fix for the second.

The first vulnerability resides in LibreLogo, which is a programmable vector graphics script that ships by default with LibreOffice.  It allows users to specify pre-installed scripts in a document that can be executed on various events, such as a click or even a mouse hover.

The second issue could allow the inclusion of remote, arbitrary content within a document, even when “Stealth Mode” is enabled.  Note, however, that stealth mode is not enabled by default, but users can activate it to instruct documents to retrieve remote resources only from trusted locations. This is the issue that LibreOffice tried to fix but Infuhr found a way around.

If you want to protect your system from this issue, the best thing you can do would be to manually disable the LibreLogo component by opening the setup to begin the installation, then:

  • Select “Custom” installation
  • Expand “Optional Components”
  • Click on “LibreLogo” and select “This Feature Will Not Be Available.”
  • Then click “Next” and install the software.

That should take care of it!

 

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech