On Wed, Nov 6, 2013 at 1:59 AM, janI <j...@apache.org> wrote: > Hi. > > I just read this warning from microsoft (after a hint on infra): > http://www.computerworld.com.au/article/531046/microsoft_warns_office_zero-day_active_hacker_exploits/?utm_medium=rss&utm_source=sectionfeed > > aoo imports office 2007 documents, so could it be a problem for us too ? >
Not enough information to tell for certain, but it is unlikely Such attacks usually exploit specific parsing code in the application and depend on the data structures and memory layout. Since we don't have the same parsing code we're unlikely to have the vulnerabilities. The exception would be cases like the WMF flaws of a few years ago, where the format itself had exploitable design flaws. In that case many applications, following the WMF specification, had the same flaw. So Windows itself had the flaw, but also the WINE emulator. The flaw we fixed in CVE-2012-0037 is similar, a format-level design issue that impacted several ODF implementations. So that's the thing to look for, as more information is made available -- is this exploiting a flaw in the MS Office code (likely) or a more generic flaw in the TIFF format (less likely). Regards, -Rob > rgds > jan I. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
