Easily exploitable LibreOffice flaw is a godsend for hackers

A serious LibreOffice flaw can be easily exploited by attackers to deliver malware on computers running a vulnerable version of the popular free and open source office suite.

LibreOffice flaw

According to The Document Foundation, which develops the software suite, the vulnerability (CVE-2016-4324) arises from an insufficient check for validity while parsing the Rich Text Format (RTF) character style index.

It is a Use After Free vulnerability that could ultimately allow for malicious code execution. And, unfortunately, it’s easy to exploit.

“A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be able to be used to execute arbitrary code,” says Cisco Talos technical lead of security research Martin Lee.

The attacker has to know how to create such a file, and the trick the targeted user into opening it via a vulnerable version of LibreOffice.

“Attackers have previously exploited RTF parser vulnerabilities in MS Office, and used RTF files as a vector for embedding other malicious objects,” Lee noted. “Raising awareness of the existence of vulnerabilities such as these with users can help in reminding people not to open unexpected or suspicious emails or files.”

Luckily, there is currently no indication that the flaw is being exploited in the wild, but now that the existence of the flaw has been made public it’s possible that it soon will, and upgrading to the latest version (5.1.4) of the suite is advised.

LibreOffice might not be as popular and widely used as MS Office, but it was used by over 75 million users in 2013, and that number is growing with each passing year.

Among its users are many government, city and law enforcement agencies and departments in many countries of the European Union, as well as all UK Government agencies nationwide.

The flaw was discovered by Cisco Talos researcher Aleksandar Nikolic.

Don't miss