Pages

Thursday, August 1, 2019

LibreOffice falls victim to common PDF attack - malicious macros

LibreOffice Macro Malware

You think open-source developers at LibreOffice would have learned the lessons from it's paid brethren, but 
LibreOffice has the same vulnerability as Word Marcos and PDF Macros that plagued the universe for the last 10 yrs. 














Microsoft has cleaned up its act for the most part, but Adobe Acrobat Reader is still vulnerable to PDF with malware macros. https://www.microsoft.com/security/blog/2017/01/26/phishers-unleash-simple-but-effective-social-engineering-techniques-using-pdf-attachments/

List of Current PDF Exploits : http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf

LibreOffice was a fork of OpenOffice.org and is built on the original OpenOffice.org code base, and that is also subject to malicious attacks.

LibreOffice Malware Proof of Concept (POC)

LibreOffice  is shipped by default with LibreLogo, a macro to programmable move a turtle vector graphic. To move the turtle, LibreLogo executes custom script code that is internally translated to python code and executed. The big problem here is that the code in not translated well and just supplying python code as the script code often results in the same code after translation.





















This has an official code execution vulnerability number CVE-2019-9848.



Here's a PDF Macro Malware POC with code 


No comments:

Post a Comment