A vulnerability in OpenOffice settings of OpenDocument Format
files and templates allows silent access to files that are
readable from an user account, over-riding the user's default
configuration settings. Once these files are imported into a
maliciously-crafted document, the data can be silently hidden
in the document and possibly exported to an external party
without being observed.
There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.
Vendor: The Apache Software Foundation
All Apache OpenOffice versions 4.1.1 and older are affected.
OpenOffice.org versions are also affected.
Apache OpenOffice users are urged to download and install Apache
OpenOffice version 4.1.2 or later.
Apache OpenOffice 4.1.2 mitigates this vulnerability by ignoring
in-document settings that over-ride default behavior when accessing
data beyond the document itself. The automatic default behavior
is changed to make such access evident to the user, who must then
approve the access.
Nature of Attack
This vulnerability requires an exquisitely crafted attack to
locate targeted files, silently retrieve them, and then deliver
their data in a manner that escapes notice. Knowledge of the
user's system and specific configuration is generally required.
In addition to keeping Apache OpenOffice updated, users can reduce
the threat of this kind of data access from ODF documents. Keep
documents and sensitive materials separate from common,
predictable locations, including on networks. Require
additional access permissions for access to sensitive materials
even when operating under the user's normal account.