Data
Events
Data: CASIE
Negative Trigger
An
official
in
a
small
Michigan
county
has
resigned
after
being tricked
Attack.Phishing
into
wiring
$
50,000
to
an
overseas
bank
account
.
Shiawassee
County
apparently
was
the
victim
of
a phishing scam
Attack.Phishing
.
Financial
administrator
Patricia
Fitnich
believed
she
was
replying
to
an
email
from
another
county
official
about
paying
a
bill
for
research
and
development
.
The
money
was
supposed
to
go
to
a
bank
in
Texas
,
according
to
Commissioner
Daniel
McMaster
,
but
actually
was
transferred
to
a
South
African
bank
.
A
county
administrator
,
Michael
Herendeen
,
confirmed
to
TV5
Fitnich
had
``
done
a
number
of
fine
things
''
over
two
years
but
she
realized
``
this
was
a
major
mistake
.
''
A
security
flaw
affecting
Vulnerability-related.DiscoverVulnerability
LibreOffice
and
Apache
OpenOffice
has been fixed
Vulnerability-related.PatchVulnerability
in
one
of
the
two
open-source
office
suites
.
The
other
still
appears
to
be vulnerable
Vulnerability-related.DiscoverVulnerability
.
Before
attempting
to
guess
which
app
has
yet
to
be patched
Vulnerability-related.PatchVulnerability
,
consider
that
Apache
OpenOffice
for
years
has
struggled
attract
more
contributors
.
And
though
the
number
of
people
adding
code
to
the
project
has
grown
since
last
we
checked
,
the
project
missed
its
recent
January
report
to
the
Apache
Foundation
.
The
upshot
is
:
security
holes
are
n't
being patched
Vulnerability-related.PatchVulnerability
,
it
seems
.
The
issue
,
identified
Vulnerability-related.DiscoverVulnerability
by
security
researcher
Alex
Inführ
,
is
that
there
's
a
way
to
achieve
remote
code
execution
by
triggering
an
event
embedded
in
an
ODT
(
OpenDocument
Text
)
file
.
In
a
blog
post
on
Friday
,
Inführ
explains
Vulnerability-related.DiscoverVulnerability
how
he
found
Vulnerability-related.DiscoverVulnerability
a
way
to
abuse
the
OpenDocument
scripting
framework
by
adding
an
onmouseover
event
to
a
link
in
an
ODT
file
.
The
event
,
which
fires
when
a
user
's
mouse
pointer
moves
over
the
link
,
can
traverse
local
directories
and
execute
a
local
Python
script
.
After
trying
various
approaches
to
exploit
the
vulnerability
,
Inführ
found
Vulnerability-related.DiscoverVulnerability
that
he
could
rig
the
event
to
call
a
specific
function
within
a
Python
file
included
with
the
Python
interpreter
that
ships
with
LibreOffice
.
``
For
the
solution
I
looked
into
the
Python
parsing
code
a
little
more
in
depth
and
discovered
that
it
is
not
only
possible
to
specify
the
function
you
want
to
call
inside
a
python
script
,
but
it
is
possible
to
pass
parameters
as
well
,
''
he
said
.
The
exploit
was
tested
on
Windows
,
and
should
work
on
Linux
,
too
.
Inführ
says
Vulnerability-related.DiscoverVulnerability
he
reported
Vulnerability-related.DiscoverVulnerability
the
bug
on
October
18
and
it
was fixed
Vulnerability-related.PatchVulnerability
in
LibreOffice
by
the
end
of
the
month
.
RedHat
assigned
Vulnerability-related.DiscoverVulnerability
it
CVE-2018-16858
in
mid-November
and
gave
Inführ
a
disclosure
Vulnerability-related.DiscoverVulnerability
date
of
January
31
,
2019
.
When
he
published
Vulnerability-related.DiscoverVulnerability
on
February
1
,
in
conjunction
with
the
LibreOffice
fix
notification
,
OpenOffice
still
had
not
been patched
Vulnerability-related.PatchVulnerability
.
Inführ
says
Vulnerability-related.DiscoverVulnerability
he
reconfirmed
Vulnerability-related.DiscoverVulnerability
that
he
could
go
ahead
with
disclosure
Vulnerability-related.DiscoverVulnerability
even
though
OpenOffice
4.16
has
yet
to
be fixed
Vulnerability-related.PatchVulnerability
.
His
proof-of-concept
exploit
does
n't
work
with
OpenOffice
out-of-the-box
because
the
software
does
n't
allow
parameters
to
be
passed
in
the
same
way
as
the
unpatched
version
of
LibreOffice
did
.
However
,
he
says
Vulnerability-related.DiscoverVulnerability
that
the
path
traversal
issue
can
still
be
abused
to
execute
a
local
Python
file
and
cause
further
mischief
and
damage
.
We
're
imagining
specifically
targeted
netizens
being tricked
Attack.Phishing
into
opening
a
ZIP
file
,
unpacking
an
ODT
and
Python
script
,
and
then
the
ODT
document
attempting
to
execute
the
Python
script
when
the
victim
rolls
their
mouse
over
a
link
,
for
instance
.
The
Register
tried
to
reach
two
OpenOffice
contributors
to
find
out
what
's
going
on
.
We
've
not
heard
back
.
According
to
Inführ
,
OpenOffice
users
can
mitigate
the
risk
by
removing
or
renaming
the
pythonscript.py
file
in
the
installation
folder
.