Journal in Computer Virology, Volume 4, Issue 2, pp 115–125

OpenDocument and Open XML security ( and MS Office 2007)

  • Philippe Lagadec
SSTIC 2007 Best Academic Papers


OpenDocument and Open XML are both new open file formats for office documents. OpenDocument is an ISO standard, promoted by and Sun StarOffice. Open XML is the new format for Microsoft Office 2007 documents, an ECMA standard. These two formats share the same basic principles: XML files within a ZIP archive, with an open schema, in contrast to good-old proprietary formats (MS Word, Excel, PowerPoint, ...). However, both of them suffer from many security issues, similar to previous Office formats: malicious people can still embed and hide malware (Trojan horses and viruses) thanks to macros, scripts, OLE objects and similar features. This paper shows the security issues with technical details, including XML and ZIP obfuscation techniques that may be used to bypass antiviruses, and describes how to design a filter to get rid of unwanted parts in a safe way.


Security Issue, Security Level, Hide Data, Information Leak, Central Directory
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag France 2007

Authors and Affiliations

  • Philippe Lagadec (1)
  1. NATO/NC3A, The Hague, The Netherlands
