Am 06.11.13 13:46, schrieb Rob Weir:
On Wed, Nov 6, 2013 at 1:59 AM, janI <j...@apache.org> wrote:
Hi.
I just read this warning from microsoft (after a hint on infra):
http://www.computerworld.com.au/article/531046/microsoft_warns_office_zero-day_active_hacker_exploits/?utm_medium=rss&utm_source=sectionfeed
aoo imports office 2007 documents, so could it be a problem for us too ?
Not enough information to tell for certain, but it is unlikely Such
attacks usually exploit specific parsing code in the application and
depend on the data structures and memory layout. Since we don't have
the same parsing code we're unlikely to have the vulnerabilities.
The exception would be cases like the WMF flaws of a few years ago,
where the format itself had exploitable design flaws. In that case
many applications, following the WMF specification, had the same flaw.
So Windows itself had the flaw, but also the WINE emulator. The flaw
we fixed in CVE-2012-0037 is similar, a format-level design issue that
impacted several ODF implementations.
So that's the thing to look for, as more information is made available
-- is this exploiting a flaw in the MS Office code (likely) or a more
generic flaw in the TIFF format (less likely).
This discoussion should be at security@ or minimum on private@.
Greetings Raphael
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
