OpenOffice hit by remote scripting flaw, LibreOffice already fixed it

Posted on Tuesday, February 05 2019 @ 13:16 CET by Thomas De Maesschalck
The Register warns about a security flaw that affects LibreOffice and OpenOffice. The bug enables an attacker to execute a local Python script by triggering an onmouseover event embedded in an ODT (OpenDocument Text) file.
After trying various approaches to exploit the vulnerability, [security researcher Alex] Inführ found that he could rig the event to call a specific function within a Python file included with the Python interpreter that ships with LibreOffice.

"For the solution I looked into the Python parsing code a little more in depth and discovered that it is not only possible to specify the function you want to call inside a python script, but it is possible to pass parameters as well," he said.
The LibreOffice team has fixed the bug, but OpenOffice remains unpatched, which may be because the latter has a much smaller developer base. However, the proof-of-concept exploit doesn't work with OpenOffice out of the box because the office suite doesn't allow parameters to be passed in the same fashion as the unpatched version of LibreOffice did. OpenOffice users can also mitigate the issue by removing or renaming the pythonscript.py file in the installation folder.

Overall, the threat level is low as a potential victim needs to complete quite a number of steps for this exploit to work. The user needs to be tricked into unpacking a ZIP file, which contains both an ODT file and the Python script. Then the user needs to open the ODT file, and roll over a link with his or her mouse. If an anti-virus tool hasn't nipped this in the bud by then, code could be executed on the target PC.

