66863 – possible execution of macros without confirmation

Issue 66863 - possible execution of macros without confirmation

Summary: possible execution of macros without confirmation

Status:	CLOSED FIXED

Alias:	None

Product:	General
Classification:	Code
Component:	code (show other issues)
Version:	OOo 2.0.3
Hardware:	All All

Importance:	P3 Trivial (vote)
Target Milestone:	OOo 2.0
Assignee:	Martin Hollmichel
QA Contact:	issues@framework

URL:	http://www.openoffice.org/security/CV...
Keywords:

Depends on:
Blocks:

Reported:	2006-06-29 17:08 UTC by Martin Hollmichel
Modified:	2007-02-05 13:26 UTC (History)
CC List:	2 users (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Martin Hollmichel 2006-06-29 17:08:49 UTC

It is possible to inject basic code into documents, which is executed on loading
the document.
The user will not be asked or notified and the macro has full access to system
resources (with current users privileges).
Even disabling document macros doesn't help here!

Comment 1 Martin Hollmichel 2006-06-29 17:13:35 UTC

set target and resolution to fixed.

Comment 2 Martin Hollmichel 2006-06-29 17:13:58 UTC

and verified.

Comment 3 Mathias_Bauer 2007-02-05 13:26:30 UTC

closed ancient issues