CVE-2020-12802: LibreOffice vulnerability allows leakage of sensitive information

Cybersecurity specialists have reported a critical vulnerability in LibreOffice, an open source office software package developed by The Document Foundation. The flaw has already been published in the National Vulnerability Database (NVD).

This software package features a ‘Stealth Mode’ in which only documents from locations considered trusted can retrieve remote resources; this feature is not enabled by default, although users can modify this setting at any time. The reported flaw allows a remote graphic link in a .docx document to bypass this protection in versions prior to the latest update (6.4.4).

Successful exploitation of this flaw, tracked as CVE-2020-12802, would allow threat actors to access sensitive information on the target system.

This flaw received a score of 5.3/10 on the Common Vulnerability Scoring System (CVSS) scale, so it is considered a medium-severity flaw. The report was submitted by Jens Müller, a cybersecurity specialist at Ruhr University Bochum.

There are no known exploitation attempts in the wild so far, nor a malware variant that triggers this attack. Users of affected deployments are advised to verify that they are running the latest version of LibreOffice; the bug was fixed in version 6.4.4.