{"id":42947,"date":"2021-09-20T20:52:08","date_gmt":"2021-09-20T20:52:08","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/"},"modified":"2021-09-20T20:52:08","modified_gmt":"2021-09-20T20:52:08","slug":"apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/","title":{"rendered":"Apache OpenOffice can be hijacked by malicious documents, fix still in beta"},"content":{"rendered":"<p>Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability and while the app&#8217;s source code has been patched, the fix has only been made available as beta software and awaits an official release.<\/p>\n<p>That means that most people running the open source office suite, which has been downloaded hundreds of millions of times and was last updated in May, probably have vulnerable versions of the software.<\/p>\n<p>On Saturday, September 18, security researcher Eugene Lim revealed details about the vulnerability (CVE-2021-33035) at HackerOne&#8217;s Hacktivity online conference after an August 30 public disclosure date came and went without the fix being fully deployed.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Lim, known online as <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/spaceraccoonsec\">SpaceRacoon<\/a>, is a vulnerability researcher at Gulf Tech Singapore&#8217;s cybersecurity group. CVE-2021-33035, he explained, &#8220;is a buffer overflow by a <code>.dbf<\/code> file which overrides a return pointer with a DEP [data execution prevention] and ASLR [address space layout randomization] bypass to finally execute arbitrary commands by the attacker.&#8221; That means a malicious file opened by the software can execute malware on the machine.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Lim found the flaw after examining the <a href=\"http:\/\/www.independent-software.com\/dbase-dbf-dbt-file-format.html\" target=\"_blank\" rel=\"nofollow noopener\"><code>.dbf<\/code> file format<\/a>, which first appeared as part of the dBase II application in 1983, and setting up a template to fuzz the format \u2013 inject data into the stack in the hope of causing a crash.<\/p>\n<p>What he found was that the <code>.dbf<\/code> file format can use one of two values in its header \u2013 <code>fieldLength<\/code> or <code>fieldType<\/code> \u2013 to determine the buffer size of a database record. So it&#8217;s possible to allocate a buffer using one and to use the other to set the size of a copy operation into that buffer, leading to a buffer overflow.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>OpenOffice&#8217;s <code>.dbf<\/code> parsing code looked like this:<\/p>\n<pre class=\"wrap_text\">\nelse if ( DataType::INTEGER == nType ) { sal_Int32 nValue = 0; memcpy(&amp;nValue, pData, nLen); *(_rRow-&gt;get())[i] = nValue; }\n<\/pre>\n<p>&#8220;Here, we can see a buffer <code>nValue<\/code> of size <code>sal_Int32<\/code> (4 bytes) being instantiated for a field of type <code>INTEGER<\/code>,&#8221; explained Lim in a <a href=\"https:\/\/medium.com\/csg-govtech\/all-your-d-base-are-belong-to-us-part-1-code-execution-in-apache-openoffice-cve-2021-33035-767fc7d6daf7\" target=\"_blank\" rel=\"nofollow noopener\">blog post<\/a>. &#8220;Next, <code>memcpy<\/code> copies a buffer of size <code>nLen<\/code> \u2014 which is an attacker-controlled value \u2014 into <code>nValue<\/code> without validating that <code>nLen<\/code> is smaller than or equal to 4.&#8221;<\/p>\n<p>Revising his previous payload generator to the integer <code>fieldType<\/code> (<code>I<\/code>), he increased the size of <code>fieldLength<\/code> to greater than <code>sal_Int32<\/code>, and was able to launch a proof-of-concept attack that consisted of opening the file in OpenOffice Calc and causing a crash.<\/p>\n<p>To fully exploit this and achieve reliable code execution, on Windows at least, Lim had to bypass DEP and ASLR. To do so, he looked for imported modules that had not been compiled with those protections and found <code>libxml2<\/code>, a software library for parsing XML documents.<\/p>\n<p>&#8220;So I could use this library as a starting point for a return-oriented programming chain, or ROP chain, in order to bypass DEP eventually,&#8221; he said.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>ROP, as Lim explained, is a technique that chains together snippets of code that resides within an application&#8217;s memory \u2013 like cutting out letters from newspapers and magazines to spell out a sentence, but in this case it&#8217;s lining up software instructions to execute \u2013 until a specific goal has been accomplished. Because the overwritten pointer he&#8217;d obtained offered only about 256 bytes to work with, his ROP chain became <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/libloaderapi\/nf-libloaderapi-getmodulehandlea\" target=\"_blank\" rel=\"nofollow noopener\">GetModuleHandleA<\/a> and then <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/libloaderapi\/nf-libloaderapi-getprocaddress\" target=\"_blank\" rel=\"nofollow noopener\">GetProcAddress<\/a> to locate the <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/winbase\/nf-winbase-winexec\" target=\"_blank\" rel=\"nofollow noopener\">WinExec<\/a> code to execute his own shell commands. At this point, he can run whatever he wants on the victim&#8217;s machine.<\/p>\n<blockquote class=\"twitter-tweet\" readability=\"5.2169811320755\">\n<p lang=\"en\" dir=\"ltr\">CVE-2021-33035: RCE in Apache OpenOffice up to 4.1.10 &#8211; pure memory corruption. Just talked about it at <a href=\"https:\/\/twitter.com\/hashtag\/hacktivitycon?src=hash&amp;ref_src=twsrc%5Etfw\">#hacktivitycon<\/a> and full writeup at <a href=\"https:\/\/t.co\/qYutUfml6J\">https:\/\/t.co\/qYutUfml6J<\/a>. More to come on CVE-2021-38646 Microsoft Office RCE&#8230; <a href=\"https:\/\/t.co\/S3xmiHYYw8\">pic.twitter.com\/S3xmiHYYw8<\/a><\/p>\n<p>\u2014 spaceraccoon \ud83e\udd9d | Eugene Lim (@spaceraccoonsec) <a href=\"https:\/\/twitter.com\/spaceraccoonsec\/status\/1439282533137408002?ref_src=twsrc%5Etfw\">September 18, 2021<\/a><\/p><\/blockquote>\n<p>Lim in his post said that he wondered why this hadn&#8217;t been caught and noticed that GitHub&#8217;s LGTM automated security scan for open-source projects has Apache OpenOffice <a href=\"https:\/\/lgtm.com\/projects\/g\/apache\/openoffice\/?mode=list\" target=\"_blank\" rel=\"nofollow noopener\">tagged<\/a> for Python and JavaScript but not C++.<\/p>\n<p>&#8220;Browsing the files on LGTM, I noticed that there were no C++ files included,&#8221; he observed. &#8220;This demonstrates the importance of sanity-checking automated static analysis tools; if your tools don\u2019t know the code exists, it can\u2019t find those vulnerabilities.&#8221;<\/p>\n<p>Lim said the vulnerability also affected Scalabium dBase Viewer (CVE-2021\u201335297) and because that project was run by a single developer the fix was quick. With Apache OpenOffice, which has <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/10\/15\/libreoffice_openoffice_taunts\/\" rel=\"noopener\">struggled to sustain itself<\/a> in recent years, the initial disclosure occurred on May 4 and with any luck the fix will be finalized before the end of September.<\/p>\n<p>&#8220;The Apache OpenOffice Project Management Committee (PMC) are in regular communication with Eugene Lim, who has confirmed our fix and has committed to point users to the beta patch,&#8221; said Dave Fisher, on behalf of the Apache OpenOffice PMC, in a statement emailed to <i>The Register<\/i>. &#8220;We endeavor to roll the release for Apache OpenOffice 4.1.11 within the month, hopefully sooner, and publish the CVE-2021-33035 before the release.&#8221;<\/p>\n<p>For those disinclined to wait, the beta installers can be found <a href=\"https:\/\/home.apache.org\/~mseidel\/AOO-builds\/AOO-4111-Test\/Full%20Installation\/\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a> and the source code has been <a href=\"https:\/\/github.com\/apache\/openoffice\/commit\/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f\" target=\"_blank\" rel=\"nofollow noopener\">patched<\/a>. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/09\/20\/apache_openoffice_rce\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you need another reason to try an alternative software suite Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability and while the app&#8217;s source code has been patched, the fix has only been made available as beta software and awaits an official release.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-42947","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Apache OpenOffice can be hijacked by malicious documents, fix still in beta 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache OpenOffice can be hijacked by malicious documents, fix still in beta 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-20T20:52:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Apache OpenOffice can be hijacked by malicious documents, fix still in beta\",\"datePublished\":\"2021-09-20T20:52:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/\"},\"wordCount\":811,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/\",\"name\":\"Apache OpenOffice can be hijacked by malicious documents, fix still in beta 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-09-20T20:52:08+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apache OpenOffice can be hijacked by malicious documents, fix still in beta\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apache OpenOffice can be hijacked by malicious documents, fix still in beta 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/","og_locale":"en_US","og_type":"article","og_title":"Apache OpenOffice can be hijacked by malicious documents, fix still in beta 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-09-20T20:52:08+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Apache OpenOffice can be hijacked by malicious documents, fix still in beta","datePublished":"2021-09-20T20:52:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/"},"wordCount":811,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/","url":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/","name":"Apache OpenOffice can be hijacked by malicious documents, fix still in beta 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-09-20T20:52:08+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YUkOA2hS1uFRHekct6ZHTAAAAAc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/apache-openoffice-can-be-hijacked-by-malicious-documents-fix-still-in-beta\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Apache OpenOffice can be hijacked by malicious documents, fix still in beta"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=42947"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/42947\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=42947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=42947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=42947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}