LibreOffice and OpenOffice security risk found.

oovslibreLibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. A similar flaw in Apache OpenOffice remains unfixed.

A Remote Code Execution (RCE) vulnerability was discovered in LibreOffice on Windows and Linux, and users are now recommended to update to the latest versions, as patches have already been issued.

While the vulnerability has already been resolved in LibreOffice, it looks like other Office productivity suites are affected as well, including OpenOffice.
OpenOffice is still unpatched right now, with no ETA as to when a fix could be shipped.

The security researcher confirms that OpenOffice 4.1.6 is the one vulnerable to attacks and the parent company acknowledged the issue, only that no known release date is available just yet.

Users are thus recommended to update to the latest version of LibreOffice as soon as possible, while those using OpenOffice should try to stay away from documents coming from untrusted sources as much as possible.

According to sources, OpenOffice users can mitigate the risk by removing or renaming the pythonscript.py file in the installation folder.

Netwise 09.02.19