Cybersecurity specialists reported the discovery of a critical vulnerability in LibreOffice, an open source office software package developed by The Document Foundation. The flaw has already been published on the official site of the National Vulnerability Database (NVD).
This software package features a ‘Stealth Mode’ in which only documents from locations considered trusted can retrieve remote resources; this feature is not enabled by default, although users can modify this setting at any time. The reported flaw would allow a remote graphic link loaded from a .docx document to bypass this protection in versions prior to the latest update (6.4.4).
The flaw is tracked as CVE-2020-12802; successful exploitation would allow threat actors to access sensitive information on the target system.
This flaw received a score of 5.3/10 on the Common Vulnerability Scoring System (CVSS) scale, so it is considered a medium-severity issue. The report was submitted by Jens Muller, a cybersecurity specialist at Ruhr Bochum University.
So far there are no known exploitation attempts in the wild, nor any malware variant that triggers this attack. Users of affected deployments are advised to verify that the latest version of LibreOffice is installed; the bug was fixed in version 6.4.4.
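As an added example (not code from the advisory or from LibreOffice), the following check lists the remote graphic links described above by reading the relationship parts of a .docx package and reporting image relationships marked as external. The sample relationship part, the `example.invalid` URLs and the `MAX_PART_SIZE` limit are constructed assumptions.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MAX_PART_SIZE = 1_000_000  # assumed cap; .rels parts are normally a few KB


def find_remote_graphics(docx_bytes):
    """Return (part, relationship id, target) for each externally linked image."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_PART_SIZE:
                raise ValueError(f"oversized relationship part: {info.filename}")
            data = zf.read(info)
            if b"<!DOCTYPE" in data:  # OPC parts must not carry a DTD
                raise ValueError(f"DTD in relationship part: {info.filename}")
            root = ET.fromstring(data)
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                is_image = rel.get("Type", "").endswith("/image")
                if is_image and rel.get("TargetMode") == "External":
                    findings.append((info.filename, rel.get("Id"), rel.get("Target")))
    return findings


# Constructed sample: only the relationship part, not a complete document.
SAMPLE_RELS = """<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Target="media/image1.png"
    Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"/>
  <Relationship Id="rId2" Target="https://example.invalid/pixel.png" TargetMode="External"
    Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"/>
  <Relationship Id="rId3" Target="https://example.invalid/page" TargetMode="External"
    Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"/>
</Relationships>"""


def build_sample(rels_xml=SAMPLE_RELS):
    """Build an in-memory package holding just the constructed relationship part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for part, rel_id, target in find_remote_graphics(build_sample()):
        print(f"{part}: {rel_id} -> {target}")
```

Embedded images and external hyperlinks are not reported; only image relationships with `TargetMode="External"` are.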