Apache OpenOffice can be hijacked by malicious documents, fix still in beta>

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Apache OpenOffice (AOO) is currently vulnerable to a remote code execution vulnerability (CVE-2021-33035) recently discovered by security researcher Eugene Lim, and while the app’s source code has been patched, the fix has only been made available as beta software and awaits an official release.

That means that most people running the open source office suite, which has been downloaded hundreds of millions of times and was last updated in May, probably have vulnerable versions of the software.

On Saturday, September 18, security researcher Eugene Lim revealed details about the vulnerability (CVE-2021-33035) at HackerOne’s Hacktivity online conference after an August 30 public disclosure date came and went without the fix being fully deployed.

Read the article