When the download and execution is *performed* by Apache OpenOffice, the vulnerability is now ours. That needs to be obvious too.
-----Original Message----- From: Rob Weir [mailto:[email protected]] Sent: Friday, November 18, 2011 11:58 To: [email protected] Subject: Re: Install configuration management On Fri, Nov 18, 2011 at 2:11 PM, Dennis E. Hamilton <[email protected]> wrote: > I think this is all very interesting. > > I want to point out that any situation where code is downloaded for execution > under the user's privileges while running Apache OpenOffice is an avenue for > attack by injection of malicious code and also data mining the user account. > I want to point out that any situation where code is downloaded for execution under the user's privileges while *not running* Apache OpenOffice is *also* an avenue for attack by injection of malicious code and also data mining the user account. This is just stating the obvious in too many words. -Rob
