Exploit payload process in Libre Office file

Hi. I just downloaded the LibreOffice_7.5.3_Win_x86-64.msi and I created a document. I uploaded it as an attachment to my email and re-downloaded it. Now it can’t be opened because Malwarebytes blocked it as “Exploit payload process” My question is why.

How did it get infected or transformed?

This question you have to ask at Malewarebytes or use other channels to verify.

Nobody can check from here…

  • Is your system clean?
  • From where did you download the msi?
  • Did you verify the download (checksum) against data from TDF?

Used google a bit…
It seems to be check by your security system, which tries to guess “suspicious” behaviour. Can often give false positives, because advanced techniques like allowing extensions, using java can look similiar to techniques used by “suspicious” software to load malware.
.
You will find reports also for Word or even Windows-Update. An older incident for LibreOffice (with some instructions):
https://forum.openoffice.org/en/forum/viewtopic.php?t=106075

But keep an eye on your environment. Malwarebytes may sometimes be right, even if a lot of false alerts are happening.

2 Likes