Advertisement

Journal in Computer Virology

, Volume 4, Issue 2, pp 115–125 | Cite as

OpenDocument and Open XML security (OpenOffice.org and MS Office 2007)

  • Philippe Lagadec
SSTIC 2007 Best Academic Papers

Abstract

OpenDocument and Open XML are both new open file formats for office documents. OpenDocument is an ISO standard, promoted by OpenOffice.org and Sun StarOffice. Open XML is the new format for Microsoft Office 2007 documents, an ECMA standard. These two formats share the same basic principles: XML files within a ZIP archive, with an open schema, in contrast to good-old proprietary formats (MS Word, Excel, PowerPoint, ...). However, both of them suffer from many security issues, similar to previous Office formats: malicious people can still embed and hide malware (Trojan horses and viruses) thanks to macros, scripts, OLE objects and similar features. This paper shows the security issues with technical details, including XML and ZIP obfuscation techniques that may be used to bypass antiviruses, and describes how to design a filter to get rid of unwanted parts in a safe way.

Keywords

Security Issue Security Level Hide Data Information Leak Central Directory 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    In-depth Analysis of the Viral Threats with OpenOffice.org Documents, De Drézigué, Fizaine, Hansma (ESAT), Journal in Computer Virology, 2006. http://dx.doi.org/10.1007/s11416-006-0020-2
  2. 2.
    Le risque viral sous OpenOffice 2.0.x, Filiol, Fizaine (ESAT), MISC magazine n7, 09/2006.Google Scholar
  3. 3.
    OpenOffice/OpenDocument and MS Open XML security, Lagadec, P. PacSec 2006 conference. http://pacsec.jp/psj06archive.html
  4. 4.
    Sécurité des formats OpenDocument et Open XML, Lagadec, P. http://actes.sstic.org/SSTIC07/Securite_OpenDocument_OpenXML/
  5. 5.
    Ecma International, National Body Comments from 30-Day Review of the Fast Track Ballot for ISO/IEC DIS 29500 (ECMA-376) “Office Open XML File Formats”, Ecma/TC45/2007/006. http://www.ecma-international.org/news/TC45_current_work/Ecma%20responses.pdf
  6. 6.
    Formats de fichiers et code malveillant, Lagadec, P. SSTIC03. http://actes.sstic.org/SSTIC03/Formats_de_fichiers/
  7. 7.
    Common Vulnerabilities and Exposures, keywords “Microsoft Office”. http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=microsoft+office
  8. 8.
    Common Vulnerabilities and Exposures, keyword “OpenOffice”. http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openoffice
  9. 9.
    Analyse du risque viral sous OpenOffice.org 2.0.x, Filiol, E. (ESAT), rump sessions SSTIC06. http://actes.sstic.org/SSTIC06/Rump_sessions/SSTIC06-rump-Filiol-Risque_viral_sous_OpenOffice.pdf
  10. 10.
    OpenOffice.org URL Handling Security Vulnerability (Linux/Solaris). http://www.openoffice.org/security/CVE-2007-0239.html
  11. 11.
    Cross-site request forgery, Wikipedia. http://en.wikipedia.org/wiki/XSRF
  12. 12.
    La fuite d’informations dans les documents propriétaires, Chambet, P. (EdelWeb), Eric Filiol (ESAT), E. Detoisien, OSSIR 6/10/2003. http://www.ossir.org/windows/supports/2003/2003-10-06/OSSIR-Fuite%20infos.pdf
  13. 13.
    Open Document Format for Office Applications (OpenDocument) v1.0, OASIS Standard, 1 May 2005. http://docs.oasis-open.org/office/v1.0/OpenDocument-v1.0-os.pdf
  14. 14.
    Open Document Format for Office Applications (OpenDocument) v1.1, OASIS Standard, 1 Feb 2007. http://docs.oasis-open.org/office/v1.1/OpenDocument-v1.1.pdf
  15. 15.
    Office Open XML File Formats—Standard ECMA-376. http://www.ecma-international.org/publications/standards/Ecma-376.htm
  16. 16.
  17. 17.
    Secunia advisory for MS06-065. http://secunia.com/advisories/20717
  18. 18.
    Microsoft XML Paper Specification—XPS. http://www.microsoft.com/whdc/xps/default.mspx
  19. 19.

Copyright information

© Springer-Verlag France 2007

Authors and Affiliations

  • Philippe Lagadec
    • 1
  1. 1.NATO/NC3AThe HagueThe Netherlands

Personalised recommendations