Vigil@nce - LibreOffice: code execution via Update
April 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
During the automatic update procedure, LibreOffice does not verify
the signature of the update file it downloads.
Impacted products: LibreOffice
Severity: 2/4
Creation date: 25/03/2013
DESCRIPTION OF THE VULNERABILITY
When LibreOffice checks the availability of a new version, it
sends a query to the following page (requires a LibreOffice
User-Agent):
http://update.libreoffice.org/check.php
This page then returns an XML file indicating the latest version of
the program and its download URL.
However, this exchange does not use HTTPS, and LibreOffice does not
check that the software it obtains is legitimate.
During the automatic update procedure, LibreOffice therefore does
not verify the signature of the update file it downloads.
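The following is an added example, not code from LibreOffice or from Vigil@nce: it shows the two controls the bulletin finds missing, a download URL that must use HTTPS and a downloaded file that is verified against authenticated metadata before the caller may install it. The XML layout, payload, key and hostnames are constructed for the example, and the HMAC tag stands in for the public-key signature a real updater would verify.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample response; the real check.php schema is not shown in the bulletin.
SAMPLE_XML = ("<update><version>4.0.2</version>"
              "<url>https://download.example.invalid/libreoffice-4.0.2.tar.gz</url>"
              "<sha256>{digest}</sha256></update>")
# Constructed payload and stand-in key: a real updater verifies a public-key
# signature (e.g. Ed25519) over the metadata; the HMAC tag only models that step.
SAMPLE_PAYLOAD = b"constructed installer bytes"
SAMPLE_KEY = b"stand-in-metadata-key"
class UpdateRejected(Exception):
    """Any failed check ends here; the caller must not install the payload."""
def metadata_tag(xml_text, key):
    return hmac.new(key, xml_text.encode(), hashlib.sha256).hexdigest()
def parse_update(xml_text):
    root = ET.fromstring(xml_text)
    fields = {tag: root.findtext(tag) for tag in ("version", "url", "sha256")}
    if any(v is None for v in fields.values()):
        raise UpdateRejected("update metadata is incomplete")
    return fields

def check_download_url(url):
    # First finding in the bulletin: the update channel was plain HTTP.
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise UpdateRejected("download URL must use HTTPS: " + url)
    return url

def check_payload(payload, expected_sha256):
    # Second finding: the downloaded file was never verified before use.
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise UpdateRejected("downloaded file does not match metadata digest")
    return actual

def safe_update(xml_text, tag_hex, payload, key=SAMPLE_KEY):
    """Return the verified version string, or raise UpdateRejected."""
    if not hmac.compare_digest(metadata_tag(xml_text, key), tag_hex):
        raise UpdateRejected("update metadata failed authentication")
    meta = parse_update(xml_text)
    check_download_url(meta["url"])
    check_payload(payload, meta["sha256"])
    return meta["version"]

def sample_metadata(payload=SAMPLE_PAYLOAD, key=SAMPLE_KEY):
    # What a trusted publisher would produce for the constructed payload.
    xml_text = SAMPLE_XML.format(digest=hashlib.sha256(payload).hexdigest())
    return xml_text, metadata_tag(xml_text, key)
```

Any tampering with the payload, the metadata, or the URL scheme makes safe_update raise instead of returning a version, which is the behaviour the 2013 updater lacked.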
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/LibreOffice-code-execution-via-Update-12563