I just found out that a new security hole has been discovered involving
malicious calc documents
However, I couldn.t find whether turning off VBA-nacros is eough
protection from such malicious ods documents. ANyone has any more info
on this vulnerability?
Here is the security report:
http://www.heise-security.co.uk/news/87204
Report of 22.03.2007 15:14 [<< previous] [next >>]
Several holes in OpenOffice
In addition to the known security hole through which manipulated
WordPerfect documents can inject malicious code into OpenOffice, the
software has been found to contain additional vulnerabilities that
attackers could exploit by means of manipulated documents. Specially
prepared StarCalc documents can also cause injected program code to be
executed. In addition, attackers can misuse links embedded in documents
to execute shell commands.
In their security advisory, the developers of Debian do not provide any
details about these vulnerabilities. They merely state that OpenOffice
can cause a buffer overflow during the processing of StarCalc documents.
It is allegedly quite easy for attackers to exploit this vulnerability
in order to inject their own code into third-party computers.
Furthermore, the Office suite does not correctly convert links in
documents; as a result, merely clicking on a specially prepared link in
a document can cause shell code to be executed on your computer.
Up to now, no patched version of OpenOffice has been released. Users of
OpenOffice are therefore advised to refrain from opening any documents
that are not explicitly from trustworthy sources.
For more information, see:
* openoffice.org -- several vulnerabilities, Debian's security advisory
(ehe)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
