A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document.
Using an exploit for this zero-day vulnerability, potential attackers can issue a directory traversal attack against users of all versions of OpenOffice and all LibreOffice releases up to and including 6.0.6/188.8.131.52.
However, the OpenOffice 0day, which is currently tracked as CVE-2018-16858 and received a CVSS3 Base Score of 7.8 from Red Hat, has been fixed by The Document Foundation in the LibreOffice 6.0.7/6.1.3 release after it received a report from security researcher Alex Inführ, who discovered the issue.
Patches only the Windows version
According to Inführ, the OpenOffice zero-day vulnerability impacts LibreOffice because of “a feature where documents can specify that pre-installed macros can be executed on various document events such as mouse-over” as detailed in the “Directory traversal flaw in script execution” advisory published by The Document Foundation on February 1.
While this OpenOffice software flaw impacts both Linux and Windows versions of the program, the micropatch developed by ACROS Security, the company behind the 0patch platform, can only be used to patch the Windows OpenOffice release.
Note: the micropatch only applies to the latest version of OpenOffice for Windows (version 4.1.6). In addition to this micropatch, we also released two micropatches (32-bit and 64-bit) for the same issue in the latest vulnerable version of LibreOffice (version 184.108.40.206).
— 0patch (@0patch) February 13, 2019
As usual, applying 0patch’s micropatch will not require users to restart the system or relaunch OpenOffice, with the effect being immediate because it is an in-memory fix for running processes.
The micropatch created and distributed by 0patch can be downloaded and applied after creating an account on 0patch.com, downloading the 0patch Agent and registering the agent on the device.
0patch also provides a video demo of the OpenOffice 0day micropatch in action.