Re: [libreoffice-users] Is version 4.1.6.2 insecure?

On 07/12/2014 05:55 AM, . wrote:
> To whom it may concern:
>
> LibreOffice 4.1.6.2 is detected as insecure by Secunia PSI. Advisory
> SA57383 (Macro Vulnerability). Would you be so kind as to let me know why
> this stable version is insecure, but the fresh version 4.2.5 is secure?
> Thank you for your timely effort.
Can you supply more details. Secunia has a paywall.

Macros are a well know security hole in all office suites. They 
potentially allow arbitrary code to be run on an end users computer when 
the file is opened. For older MS office suites, the default was to run 
all macros when the file is opened. Recent (after 2005 or so) the 
default behavior was changed to only allow "trusted" macros the 
privilege of being allowed to run.  I do not know how common this was 
with other office programs/suites of the same vintage.

I believe LO has always used the model of the "trusted macro only" being 
granted privileges by default.

Under TOOLS>OPTIONS>LibreOffice/Security click on "Macro Security". Set 
the security level to high or very high. This will restrict macros from 
running unless they trusted. This setting works for any macros.

--
Jay Lozier
jslozier@gmail.com


--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted