Mumbai: The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning to users of LibreOffice about three serious vulnerabilities being disclosed in the wildly popular software.
An alternative to Microsoft Office, LibreOffice is preferred by many because it can open and allow access to a wider range of formats than MS Word. It is also completely free, with no paid premium versions and an open source software, which means it incorporates any and all changes suggested by its users.
And it’s not just individuals: numerous offices around the world also use LibreOffice in their day-to-day work. CERT-In’s advisory, which was issued on Monday, classifies all three vulnerabilities as ‘high’ in severity.
“Multiple vulnerabilities have been reported in LibreOffice which could be exploited by an attacker to execute arbitrary code and disclose sensitive information on the targetted system,” the advisory states.
Execution of arbitrary code means that a hacker, once inside your system, can run any code that he wants to. In simpler words, it means that a hacker can literally do anything he wants once he has gained access to your system by exploiting the vulnerability.
Of the three vulnerabilities reported, one of them enables arbitrary code execution, while the other two can lead to the disclosure of sensitive information from the targeted system. The two vulnerabilities in the latter category can be exploited either by cracking the code of the LibreOffice software on your system, or by aggressive hacking, known as bruteforce attacks.
All three vulnerabilities have been officially acknowledged by LibreOffice and each has been assigned an independent Common Vulnerabilities and Exploits (CVE) number.
LibreOffice has, on its official website, confirmed all the three vulnerabilities and also patched them in its latest system update.
LibreOffice users are advised to download the latest system updates to the software so that the patches can be automatically installed.