OpenOffice and LibreOffice RCE Vulnerability

A security researcher has discovered a remote code execution vulnerability that affects both LibreOffice and Apache OpenOffice. An attacker can exploit this vulnerability to remotely execute arbitrary code on an affected system.

Threat ID:: CC-2920
Category:
Threat Severity:: Low
Threat Vector:
Published:: 7 February 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Threat details

For further information:

CVE-2018-16858

Remediation steps

Type	Step
	LibreOffice have released updates to address this vulnerability. Users and administrators are encouraged to review their security advisory and apply the necessary updates. At the time of publication, Apache are yet to release an update for OpenOffice to address this vulnerability. As a temporary measure, users and administrators are encouraged to remove or rename the pythonscript.py file found in the installation folder to disable the support for python.

Type

Step

LibreOffice have released updates to address this vulnerability. Users and administrators are encouraged to review their security advisory and apply the necessary updates.

At the time of publication, Apache are yet to release an update for OpenOffice to address this vulnerability. As a temporary measure, users and administrators are encouraged to remove or rename the pythonscript.py file found in the installation folder to disable the support for python.

Last edited: 14 February 2020 2:44 pm