Abstract
This paper presents an in-depth analysis of the OpenOffice suite (release 2.0.3) with respect to viral threats, independently of any software flaw or vulnerability. First we will identify, then analyse the different potential viral vectors of OpenOffice.org v2.0.3. Our examination applies to win32 and Unix-like platforms. For each identified vector, a detailed study will show to which extend the infection is possible. From then on we will define the solutions in order to maximize OpenOffice.org security in the production field as well as in the office tools at the administration level.
Similar content being viewed by others
References
Chambet, P., Detoisien, E., Filiol, E.: La fuite d’informations dans les documents propriétaires. Journal de la sécurité informatique MISC, numéro 7 (2003)
De Drézigué, D., Hansma, N.: Etude de faisabilité de macro-virus sous OpenOffice. Mémoire de stage mastère spécialisé “Réseaux et Télécommunications Militaires”, Ecole Supérieure et d’Application des Transmissions (2006)
Filiol, E.: Le virus Concept. Journal de la sécurité informatique MISC, numéro 4 (2002)
Filiol, E.: Computer viruses: from theory to applications. IRIS International series, Springer, Berlin Heidelberg Newyork ISBN 2-287-23939-1 (2005)
Filiol, E.: Strong cryptography armoured computer viruses forbidding code analysis: the bradley virus. In: Proceedings of the 14th EICAR Conference, pp. 201–217 (2005)
Filiol, E.: Techniques virales avancées. Collection IRIS, Springer, Berlin Heidelberg New York (in press) (2006)
FIPS 180-1: Secure Hash Standard, Federal Information Processing Standards Publication 180-1, U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield (1995)
ISO: ISO and IEC approve OpenDocument OASIS standard for data interoperability of office applications, http://www.iso.org/iso/en/commcentre/pressreleases/ 2006/Ref1004.html. See also http://ec.europa.eu/idabc/en/document/3439/5585 and http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=odf-adoption for more details (2006)
Oasis Standards: Open document format for office applications, OpenDocument v1.0, http://www.oasis-open.org/ committees/download.php/12572/OpenDocument-v1.0-os.pdf (2005)
The OpenOffice.org Software Development Kit, http://www. openoffice.org/dev_docs/source/sdk
OpenOffice Suite Official Website, http://www.openoffice.org.
Major OpenOffice.org Deployments, http://wiki.services. openoffice.org/wiki/Major_OpenOffice.org_Deployments
Marcelly, B., Godard, L.: Programmation OpenOffice.org: Macros OOoBasic et API, Eyrolles, ISBN 2-212-11439-7 (2004)
Rautiainen, S.: OpenOffice security. In: Virus bulletin conference, september 2003 (2003)
Reynaud-Plantey D. (2005) New viral threats of Java viruses. J. Comput. Virol. 1(1-2): 32–43
Kasliski, B.: RFC 2898-PKCS#5: Password-Based Cryptography Specification Version 2.0, Network Working Group, http://www.faqs.org/rfcs/rfc2898.html (2000)
Schneier B (1994) Description of a new variable-length key, 64-bit Block Cipher (Blowfish). In: Anderson R. (ed) Fast Software Encryption, Cambridge Security Workshop, LNCS 809. Springer, Berlin Heidelberg New York, pp. 191–204
http://smallbiz.symantec.com/press/1998/n980819.html
www.w3.org/XML/Schema
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
de Drézigué, D., Fizaine, JP. & Hansma, N. In-depth analysis of the viral threats with OpenOffice.org documents. J Comput Virol 2, 187–210 (2006). https://doi.org/10.1007/s11416-006-0020-2
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-006-0020-2