incubator-ooo-dev mailing list archives

From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: [ooo-user] was RE: users@openoffice.org [Was: Re: [Discussion] dev@openoffice.org]
Date Thu, 01 Sep 2011 01:29:02 GMT
Oh, so it wasn't actually an MS Office file, but a spoof with a .doc filename?

That would definitely be hard to catch.  I'm not sure what would cause it to execute though.
Was there a condition under which the exploit could be made to run while pretending to
be a .doc file?

-----Original Message-----
From: Eike Rathke [mailto:ooo@erack.de] 
Sent: Wednesday, August 31, 2011 16:01
To: ooo-dev@incubator.apache.org
Subject: Re: [ooo-user] was RE: users@openoffice.org [Was: Re: [Discussion] dev@openoffice.org]

Hi Dennis,

On Wednesday, 2011-08-31 14:17:38 -0700, Dennis E. Hamilton wrote:

[... reordering quotes and adding a quote level for better readability, stripping rest ...]

> From: TJ Frazier
>> Funny you should mention that. That very problem occurred on Bugzilla, 
>> with DOC attachments bearing Trojan viruses. --/tj/

> Wow!
> 
> When was that?

Last year? But I think what TJ was referring to was a case of .doc
attachments to make them look like a testcase but instead contained
a JavaScript snippet redirecting the browser to a different site that
tried to install malware. Quite clever.

> I assume that bugzilla still accepts attachments (we were talking about lists).

A bug tracker _has_ to accept attachments; without that, it is useless in many
cases.

> What do we do to protect it?

How about a virus scan on attachments? That probably wouldn't help
against the JavaScript case though. Virus scans could even be done for
mail attachments before the mailing list distributes them. Question is
if Apache infra supports both cases.

  Eike

-- 
 PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
 Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD
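
The case discussed in this thread, a file named .doc whose content is really browser-renderable markup, can be checked on upload by comparing the file's leading bytes with its claimed extension, and neutralised on download by forcing the browser to save rather than render. The following is an added example, not code from the thread, Bugzilla or Apache infrastructure; the function names, verdict strings and sample uploads are hypothetical and constructed for illustration.

```python
import os
import re

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of a legacy Word binary file
RTF_MAGIC = b"{\\rtf"                            # RTF is also commonly saved as .doc
MARKUP = (b"<script", b"<html", b"<!doctype", b"<iframe", b"<body", b"<svg", b"<meta")


def classify_doc_upload(filename, data):
    """Compare an upload named *.doc with what its bytes actually are."""
    if os.path.splitext(filename)[1].lower() != ".doc":
        return "not-checked"
    if data.startswith(OLE2_MAGIC) or data.startswith(RTF_MAGIC):
        return "accept"
    # Skip a UTF-8 BOM and leading whitespace, then look for browser-renderable markup.
    head = data[:4096].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if any(marker in head for marker in MARKUP):
        return "reject-markup"
    return "quarantine"  # unrecognised content: hold for manual review


def download_headers(filename):
    """Headers that make a browser save the attachment instead of rendering it."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": 'attachment; filename="%s"' % safe_name,
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample uploads (not taken from the incident discussed above).
SAMPLES = {
    "testcase.doc": OLE2_MAGIC + b"\x00" * 504,
    "export.doc": b"{\\rtf1\\ansi Example}",
    "crash.doc": b"\xef\xbb\xbf\n<html><script>/* placeholder */</script></html>",
    "notes.doc": b"plain text with no recognised header",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify_doc_upload(name, blob), download_headers(name))
```

The header set matters even when the upload check passes, because a virus scanner or magic-byte check can miss content that a browser would still interpret if it were served inline.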

