LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

[ooo-announce] proof-of-concept macro virus

[Posted June 2, 2006 by ris]

From:  Jacqueline McNally <jacqueline-AT-openoffice.org>
To:  announce-AT-openoffice.org
Subject:  [ooo-announce] proof-of-concept macro virus
Date:  Fri, 02 Jun 2006 21:09:47 +0800

There has been press comment recently about a "proof-of-concept macro
virus" affecting OpenOffice.org and reported in a blog at an anti-virus
company.[1]

Macros are a useful part of any office suite, allowing users to automate
repetitive tasks. These tasks include potentially destructive actions
such as modifying and deleting files, which is why macros are of
interest to virus writers.

The "proof-of-concept macro virus" showed that it is possible to write a
simple "virus-like" program using OpenOffice.org's macro language. This
is a known risk with any capable macro language. To mitigate against
this risk, by default OpenOffice.org detects if a document contains
macros, displays a warning, and will only run the macro if the user
specifically agrees. This behaviour conforms to industry best practice.

The OpenOffice.org engineers take the security of the software very
seriously, and will react promptly to any new issues. This "proof of
concept" virus is not new information, and does not require a software
patch. Technically, it is not even a virus, as it is not
"self-replicating" - with OpenOffice.org's default settings, it cannot
spread without user intervention.

However, the OpenOffice.org community repeats the consistent message
from security experts that users should never accept files from unknown
sources. For any security issue, please visit OpenOffice.org's Security
Team page [2] and send a note to security@openoffice.org.

[1] http://www.viruslist.com/en/weblog?weblogid=187738337
[2] http://www.openoffice.org/security/

- The OpenOffice.org Team



---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe@openoffice.org
For additional commands, e-mail: announce-help@openoffice.org
(Log in to post comments)

[ooo-announce] proof-of-concept macro virus

Posted Jun 5, 2006 3:08 UTC (Mon) by AnswerGuy (guest, #1256) [Link]

So, displaying a warning is good, but I have to wonder what other protections are in place.

I would think that the Macro feature should be limited (by default) to modifying/rendering the contents of the file in which it's embedded. There should be a special, trusted, directory in which "global" macros can be stored; and safeguards on how templates and macros get saved thereto.

The real dangers of macros in productivity application come from their ability to leak out of one document (receieved via e-mail or over any file sharing means) and read or modify other files (either to insert copies of, or links to, the macros --- for a viral/worm like behavior; or to corrupt them, even to steal sensitive data from them and send them back to some malicious 3rd party).

I'd like to see a more detailed, expert explanation of how OOo protects users from these sorts of things.

Jim

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds