Shulou(Shulou.com)05/31 Report--

This article mainly explains the "LibreOffice suite remote code execution vulnerability example analysis", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "LibreOffice suite remote code execution vulnerability example analysis" bar!

Compared with downloads that do not require user interaction, document-based attacks usually contain some kind of social engineering component. From being tricked into opening attachments to enable macros, attackers are using a variety of themes and fish phishing techniques to infect their victims.

Today let's take a look at the vulnerabilities in LibreOffice, LibreOffice is a free open source office suite, and OpenOffice (now Apache OpenOffice) is available for Windows,Mac and Linux.

An attacker can exploit this vulnerability to execute remote code, which could cause the system to crash. The flaw uses a mouse hover event, which means that the user must be tricked into placing the mouse over a link in the document. This triggers the execution of the Python file (installed with LibreOffice) and allows parameters to be passed and executed.

We tested several payload shared by John Lambert. The process is usually as follows:

Soffice.exe-> soffice.bin-> cmd.exe-> calc.exe

This vulnerability has been patched in LibreOffice but not in Apache OpenOffice. Time will tell me whether this loophole will eventually be used in the wild. It is worth noting that not everyone uses Microsoft Office, and threat participants can see it as a specific victim of what they know may be the use of open source productivity software.

Thank you for your reading, the above is the content of "LibreOffice Suite remote Code execution vulnerability example Analysis". After the study of this article, I believe you have a deeper understanding of the problem of LibreOffice Suite remote Code execution vulnerability example Analysis, and the specific usage still needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.