Linux distributions, LibreOffice, Firefox, Chrome, Android OS initiative, FreeMind, BSD Distributions are few of the many such products. Read moreįor the past couple of decades, Open source software(OSS) projects have become the pioneer in delivering commercial-grade software products. Our research was acknowledged by Microsoft, Apache OpenOffice, and LibreOffice during the coordinated disclosure. Finally, we showed that attackers possessing a signed ODF could alter and forge the signature creation time in 16 of 18 applications. For 17 of 18 applications, we could spoof the content in a signed ODF document while keeping the signature valid and trusted. Our investigation revealed 12 out of 18 applications to be vulnerable for macro code execution, although the application only executes macros signed by trusted entities. We identified five new attacks and evaluated them against 16 office applications on Windows, macOS, Linux, iOS, Android, and two online services. In this paper, we conduct the first comprehensive analysis of OpenDocument signatures and reveal numerous severe threats. Thus, the security of ODF documents often depends on the correct signature verification. Since the risks of using macros in documents is well-known, modern office applications only enable their execution if a trusted entity signs the macro code.
Moreover OpenDocument signatures also protect document's macros.
protect the integrity of a document's content, for example, for contracts, amendments, or bills. When it comes to governmental and business use cases, OpenDocument signatures can. Supported by office suites like Apache OpenOffice, LibreOffice, and Microsoft Office, the OpenDocument Format (ODF) is available for text processing, spreadsheets, and presentations on all major desktop and mobile operating systems. OpenDocument is one of the major standards for interoperable office documents.
0 kommentar(er)
