The developers of the open source office suite LibreOffice informed users this week that they have patched a vulnerability which could allow attackers to execute arbitrary code using specially crafted RTF files.
The vulnerability, found by Cisco Talos researchers and tracked as CVE-2016-4324, affects the RTF parser in LibreOffice. The flaw can be exploited with an RTF document that contains both a stylesheet and a superscript token.
“A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be able to be used to execute arbitrary code,” Cisco Said.
The attacker needs to somehow trick the targeted individual into opening a malicious RTF file in order to trigger the exploit. It’s not uncommon for cybercriminals to exploit RTF parser vulnerabilities in Microsoft Office to deliver malware and this flaw shows that such attacks are also possible against LibreOffice users.
The issue has been addressed with the release of Libre Office 5.1.4. Cisco says there is no evidence that this vulnerability has been exploited in the wild, but users are advised to update their installations to protect themselves against potential attacks.
The developers of various Linux distributions are also analyzing the issue and some have already released package updates (check at http://www.ubuntu.com/usn/usn-3022-1/) to patch the flaw.
This is the third vulnerability confirmed by LibreOffice developers this year. In February, The Document Foundation informed users that researchers from VeriSign’s iDefense Labs had identified a couple of memory corruption bugs that could have been exploited to cause a denial-of-service (DoS) condition using specially crafted Lotus Word Pro files.
Cisco Talos researchers recently identified flaws in many popular products, including the chat client Pidgin, Trane thermostats, Lhasa and 7-Zip archivers