Security News LibreOffice flaw is a godsend for hackers

frogboy

A serious LibreOffice flaw can be easily exploited by attackers to deliver malware on computers running a vulnerable version of the popular free and open source office suite.

According to The Document Foundation, which develops the software suite, the vulnerability (CVE-2016-4324) arises from an insufficient check for validity while parsing the Rich Text Format (RTF) character style index.

It is a Use After Free vulnerability that could ultimately allow for malicious code execution. And, unfortunately, it’s easy to exploit.

“A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be used to execute arbitrary code,” says Cisco Talos technical lead of security research Martin Lee.

The attacker has to know how to create such a file, and then trick the targeted user into opening it via a vulnerable version of LibreOffice.

Full Story. Easily exploitable LibreOffice flaw is a godsend for hackers - Help Net Security
 
This is one of the reasons why I don't understand why people avoid Microsoft Office, unless it is because it's paid. Even though it's more common in Ms Office, every software has its vulnerabilities and sooner or later you'll know about them. You can get exploited in Ms Office, LibreOffice and others alike, it's a matter of time.
Sorry bad english.
 
This is one of the reasons why I don't understand why people avoid Microsoft Office, unless it is because it's paid. Even though it's more common in Ms Office, every software has its vulnerabilities and sooner or later you'll know about them. You can get exploited in Ms Office, LibreOffice and others alike, it's a matter of time.
Sorry bad english.
So, I do not want to be exploited by my paid software :D LibreOffice forever! Have fun paying dollars to M$ Office
 
Well it is a matter of user preference.

It is true that MS Office cannot be the most vulnerable product because of regular patching, whereas LibreOffice and others may have deadly future attacks; thus it increases the risk, because people are known to use it as an alternative to MS Office.

But in that sense, the developers have a different perspective on how to respond to the vulnerabilities in order to fix them immediately.

Patch Tuesday vs Immediate solution fix? Make a choice.
 
Google Project Zero also found vulnerabilities in Libre Office a while back... it's OK.

The developers take these reports rather seriously and push out fixes relatively quickly - all except M$ that is...
 
I used to use open office, then libreoffice came out, which is almost identical to openoffice. Then I moved to M$ office pro to use for my business.
M$ office is better IMO but I use the portable version of Libreoffice when I'm on the move because of its compatibility with M$ Office (sorry if I don't make sense!!)
 
The only drawback I find with Libreoffice is that they never implement auto-update of the software.
By that I mean only updating the module that needs to be updated, not the whole suite every time.
Try to update/install one version on top of the other with Trusteer Rapport installed, most likely you will grow a beard in the color grey...

/W