Vulnerability in Apache OpenOffice allows remote code execution

A vulnerability in Apache OpenOffice allows remote code execution. Although a fix is available in a beta update, the maker of the office suite has not yet released an official patch.

The vulnerability, CVE-2021-33035, was discovered by security researcher Eugene Lim. On his Twitter account, he shows how the vulnerability can be exploited. The vulnerability allows malware to be installed remotely on the victim’s computer. It is not known whether the vulnerability has been actively exploited by malicious actors, but now that it has been made public, Apache OpenOffice users are vulnerable.

In a blog post, Lim described how he discovered the vulnerability. In it, he also writes that the vulnerability had been known to Apache OpenOffice since May 5. He is amazed that the bug could go undetected for so long in software that is freely available and used by millions of people.

A spokesperson for Apache OpenOffice told The Register that they hope they can roll out the update “within this month.” A version in which the vulnerability has been fixed is currently available in beta, but as OpenOffice writes on its website, “it may still contain errors”. When Apache OpenOffice 4.1.11 is released later this month, the vulnerability should be officially patched.
