Journal in Computer Virology

, Volume 4, Issue 2, pp 115–125

OpenDocument and Open XML security (OpenOffice.org and MS Office 2007)

  • Philippe Lagadec
SSTIC 2007 Best Academic Papers

Abstract

OpenDocument and Open XML are both new open file formats for office documents. OpenDocument is an ISO standard, promoted by OpenOffice.org and Sun StarOffice. Open XML is the new format for Microsoft Office 2007 documents, an ECMA standard. These two formats share the same basic principles: XML files within a ZIP archive, with an open schema, in contrast to good-old proprietary formats (MS Word, Excel, PowerPoint, ...). However, both of them suffer from many security issues, similar to previous Office formats: malicious people can still embed and hide malware (Trojan horses and viruses) thanks to macros, scripts, OLE objects and similar features. This paper shows the security issues with technical details, including XML and ZIP obfuscation techniques that may be used to bypass antiviruses, and describes how to design a filter to get rid of unwanted parts in a safe way.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag France 2007

Authors and Affiliations

  • Philippe Lagadec
    • 1
  1. 1.NATO/NC3AThe HagueThe Netherlands

Personalised recommendations