Date: prev next · Thread: first prev next last
2015 Archives by date, by thread · List index

Hash: SHA1

On 24/01/15 14:04, Thisis theone wrote:

We think macros and other rarely used, but high risk features should be DISABLED BY DEFAULT in 

Since I don't do windows ^1, I can't confirm the statement in the
original article that MSO ships with Macros disabled by default.

If that is the case, then changing the defaults in LibO/AOo/EO/NO/etc
won't make a difference, because the user will enable the macro to run,
if only for the specific document.

Tom Davis wrote:

So we tend to find the LO and AOO simply don't have as many
vulnerabilities and problems.

Because LibO, AOo, & EO run on various platforms, I suspect that, as a
malware vector, they are less vulnerable than MSO on Windows.

By way of example, I can't use JabBib on my laptop, because the version
in the official distro repository is incompatible with the specific
setup of my laptop. There are two or three other programs I'd like to
install, but have similar issues. If I had the drive space, I could
install the tool chain required to compile the programs from source code.

The apparent increase is insecurity that support for the number of macro
languages that LibO & AOo brings, is nullified by the macro writer not
knowing what components of that language are available on the target

It's difficult for anyone to find any flaws that can be exploited by
writing some nasty macro.

At least one "proof of concept" "nasty" macro was publicly released for
OOo. I've seen a couple of posts, and articles, that imply that there
are some OOo/LibO/AOo ^2 specific macros in the wild, but nothing that
can be confirmed.


^1: The last time I used MSO on Windows, it took 90 seconds from
starting MSO to seeing the Blue Screen of Death. That was with the then
current version of MSO on Windows 7.

^2 I don't recall any mention of EuroOffice, NeoOffice, or Android
OpenOffice in those articles:
* NeoOffice, running exclusively on Mac OS X, can easily accommodate
malware that relies on the standard Mac OS X configuration;
* Android OpenOffice can easily accommodate malware that targets the
Android Operating System;

Version: GnuPG v1


To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
All messages sent to this list will be publicly archived and cannot be deleted


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.