LibreOffice is one of the most popular and complete alternatives to Microsoft Office available online. This office suite is free and open source, and offers users excellent alternatives to Word, Excel and PowerPoint, developed and maintained by the community. LibreOffice rarely makes the news for security reasons. However, a serious vulnerability that endangers all users of the suite has just been announced.
Just a few hours ago, a new security flaw in LibreOffice was disclosed that has not yet been fixed and that can jeopardize our security. This flaw may allow an attacker to use a seemingly harmless document so that, when it is opened, code hidden inside it is executed remotely, endangering the security of users.
The code that can be hidden inside these malicious documents is varied, and can range from causing a PC crash to installing malware remotely.
LibreOffice 6.2.5 fixed the vulnerability, but researchers have managed to bypass the patch
Earlier this month The Document Foundation released the new LibreOffice 6.2.5, an update focused on fixing two serious vulnerabilities that were affecting user security.
On the one hand there is CVE-2019-9848, the vulnerability we are talking about, which allows code to be hidden in a document so that, when it runs, remote code is executed. This security flaw is found within the LibreLogo program, which is installed by default along with the other LibreOffice applications.
On the other hand we have CVE-2019-9849, another security flaw (this one was fixed without problems) that could also be used to run remote code on vulnerable computers.
Although in theory the new version fixed CVE-2019-9848, security researchers have found that the patch was poorly implemented, which has allowed them to bypass it and exploit this vulnerability again with relative ease.
How to protect ourselves from this vulnerability if we use LibreOffice
Although the vulnerability is located within LibreLogo, this application is installed by default for all users, so everyone who does not customize the installation is at risk.
If we want to protect ourselves, what we must do is uninstall LibreLogo from our computer. Even if we keep the other LibreOffice applications installed, uninstalling it will ensure that we are no longer in danger. If we are going to install LibreOffice again, we must make sure to uncheck this option during the installation process.
If we really need to use LibreLogo for the design of vector images, then we must exercise much more caution. We must avoid opening any file downloaded from the Internet, as it can hide a threat.
The Document Foundation is already working on a new fix for this vulnerability. The new patch should not take long to reach users, although for now we will have to wait. It is recommended to install LibreOffice 6.2.6 as soon as it is released in order to be protected. Other alternatives, such as OpenOffice, do not appear to be vulnerable.