RCE Flaw Found in LibreOffice for Windows and Linux, Users Must Update ASAP
A Remote Code Execution (RCE) vulnerability was discovered in LibreOffice on Windows and Linux, and users are now recommended to update to the latest versions, as patches have already been issued.
Discovered by security researcher security researcher Alex Inführ, the flaw can be exploited with just a malicious ODT document that includes code for running a macro with a mouse-hover action.
In an analysis of the vulnerability on his blog, Inführ explains that both Windows and Linux versions of LibreOffice are affected, and successful exploits have been tested on version 18.104.22.168.
The Document Foundation acknowledged the bug in CVE-2018-16858, adding that the flaw is already resolved in LibreOffice 6.0.7 and 6.1.3, so installing a newer version should technically keep users protected…. (read more)