Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index


Take heart: I just received an update and install notice for two patches concerning TrueType fonts 
on my Windows XP SP3 Tablet PC.  I don't know whether there are more coming.  I don't see anything 
for Vista or Windows 7 yet.  Stay tuned.

If you are running Windows XP, it might be a good time to check for updates.

 - Dennis

Tom,

The security issue is not about a virus or the ways a virus is spread.  

It is certainly about the prospect of a machine being compromised and used as part of a zombie army 
or whatever.  The compromise could also be used to compromise security on the machine that is 
successfully attacked.

I wouldn't say that LO is safe.  Any application that allows selection of TTF fonts and that uses 
Windows to render fonts on the display and for printing might be vulnerable -- all of the attack 
routes have not been disclosed.  But as someone else commented, the vulnerability is in Windows.  
Also, the malicious fonts need to be installed or accessed somehow.  The embedded case that had a 
workaround is presumably but one of the attack entries.


 - Dennis

-----Original Message-----
From: Tom [mailto:tomdavies04@yahoo.co.uk] 
Sent: Saturday, November 05, 2011 11:20
To: users@global.libreoffice.org
Subject: [libreoffice-users] Re: MS font exploit

Hi :)
That seems to list all the supported versions/distros of Windows but doesn't
included unsupported ones such as Win98.  Does that mean Win98 is safe or
just that they don't bother to look to see if it's vulnerable?  

Tbh my interest suddenly dropped away when i found that LO is safe even if
we read a doc file in it and creating doc files is still safe too in LO. 
I'm a little worried about the works machines especially after the work i
have put in these last 2 weeks but if they suffer because of using MS Office
then it might encourage them to move to LO and that would be fine by me. 
The problem would be if the machines got infected right after me working on
updating everything and installing weird stuff such as LO.  

If LO prevents the machine itself getting infected that is one good thing
but if it inadvertently passes infections on then the wrong people, ie LO
users, might start getting the blame for something that is not their/our
fault.  Of course they/we would also be passing it on if we were using MS
Office but at least we would have had more warning about it as our machines
got infected.  Hmmm, this whole lack of security in MS products really
creates a lot of weird blame issues.  

Regards from
Tom :) 

--
View this message in context: 
http://nabble.documentfoundation.org/MS-font-exploit-tp3481492p3483006.html
Sent from the Users mailing list archive at Nabble.com.

-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted


-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.