OpenOffice security presented at Virus Bulletin 2003

by Sami Rautiainen (F-Secure),

Tags: Security


Summary : OpenOffice security
OpenOffice, the open office suite is available for Linux, Windows and Solaris,
with the other platforms like MacOS X under development. It has reached the production
version 1.0, being already the most popular office suite for Linux.
This paper discusses the security model of OpenOffice - the environment and
restrictions that are provided for executable content such as macros and embedded objects.
The paper also examines the features of the native macro language and the XML file format
used by OpenOffice.
The OpenOffice feature set is similar to the feature set of Microsoft Office.
It has word processing, spreadsheet and presentation applications all tied together within
a common look and feel.
OpenOffice has a built-in macro language and a support for both JavaScript and
Java applets. Looking at these features, the question arises: how secure is OpenOffice?
Have OpenOffice developers taken into account the pitfalls shown by the history of the
Microsoft Office or is OpenOffice the next victim of the abuse of macro viruses?