A vulnerability discovered on office suites LibreOffice and OpenOffice allows for a remote code execution as soon as a user opens a malicious ODT file and moves his mouse over the document, without triggering any warning dialog. LibreOffice ships with its own python interpreter and libraries where one of them allows for passing arbitrary parameters that are executed on the commandl line. The vulnerability is fixed in Libreoffice 6.0.7 and 6.1.3. No fixes are available for OpenOffice yet.