Users that are not able to update their installs to the latest version should disable the macro features. Libre Office addressed the issue with the release 7.0.5 or 7.1.1 and later. “An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person.” reads the advisory published by LibreOffice. In a real attack scenario, threat actors can sign weaponized documents to make them appear as created by a trusted source.Įxperts pointed out that the CVE-2021-25635 flaw also affects LibreOffice that tracked the vulnerability as CVE-2021-25635. many users opt to use the free alternatives LibreOffice or Apache OpenOffice. The flaw was reported by Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany. Windows Report presents Microsoft Office alternatives compared side by side - including. The flaw has been addressed with the release of version 4.1.1. ONLYOFFICE vs LibreOffice vs OpenOffice Tested Side By Side. All versions of Apache OpenOffice up to 4.1.10 are affected.” reads the advisory for this vulnerability. “It is possible for an attacker to manipulate documents to appear to be signed by a trusted source.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |