LibreOffice Vulnerable to Code Execution in URL Mouseover Preview Feature
Researcher Alex Inführ discovered that LibreOffice 6.1.0-6.1.3.1 is susceptible to a code injection attack if a user hovers their mouse over a malicious URL.
Antecedentes
Researcher Alex Inführ disclosed a LibreOffice vulnerability (CVE-2018-16858) in versions 6.1.0-6.1.3.1 which shows that code injection is possible on both Linux and Windows versions when a user hovers their mouse over a malicious URL.
Update: Tenable Research was able to confirm that this vulnerability is also exploitable on macOS by editing the Proof of Concept (PoC) code.
Análisis
While this vulnerability does require user interaction, an OpenDocument Text (ODT) file containing a malicious URL is not likely to be flagged by most corporate security defenses. There isn’t any malicious code or otherwise altered elements to the document. It wouldn’t be seen as malware, and the text can be changed to the same color as the document background to make it invisible to the average user.
Furthermore, when the vulnerability is exploited, it doesn’t generate a warning dialogue of any kind. As soon as the user hovers over the malicious URL, the code is executed immediately. The current Still (Stable) Branch of LibreOffice (6.0.7) is not susceptible to this vulnerability.
Below is the researcher’s Proof of Concept video demonstrating an invisible URL opening a command prompt on the vulnerable version:
Solución
LibreOffice addressed this vulnerability in release 6.1.3.2, and upgrading to that version or later should mitigate the vulnerability.
Identificación de los sistemas afectados
A list of Nessus plugins to identify this vulnerability can be found here as they're released.
Obtenga más información
- Libreoffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution
- Latest Versions of LibreOffice
Únase al Equipo de respuesta de seguridad de Tenable en Tenable Community.
Obtenga más información sobre Tenable, la primera plataforma de Cyber Exposure para el control integral de la superficie de ataque moderna.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Ryan Seguin
Security Response Manager
Ryan joined Tenable in 2013 as a customer support engineer assisting customers with technical troubleshooting and product education. After that, he helped create dashboard and report templates for SecurityCenter that users can download through the Tenable.sc feed. Now Ryan is a member of the Security Response team, informing customers of the latest security threats, and providing in-depth analytics for today’s most critical vulnerabilities.
Interests outside of work: Ryan is a retro video game console/arcade hardware enthusiast and modder, and he is also studying Japanese and hopes to one day be fluent.
Artículos relacionados
Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)
Microsoft addresses 107 CVEs, including one zero-day vulnerability that was publicly disclosed....
From Vulnerability to Visibility: What the SharePoint Attacks Reveal About the Need for Proactive Cybersecurity
The recent exploitation of Microsoft SharePoint vulnerabilities highlights a critical gap in traditional, reactive cybersecurity strategies. Learn how a proactive exposure management approach empowers federal agencies to reduce risk, streamline operations and stay secure....
CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
Frequently asked questions about CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments....
- Vulnerability Management