Title: OpenOffice Insecure Document Signing Weakness
Severity: MODERATE
Description:
OpenOffice is a suite of applications used to create and edit documents and data (such as text documents and spreadsheets).
OpenOffice fails to securely sign XML-based OpenDocument Format (ODF) files. This issue occurs because the application allows users to manipulate the 'CN' parameter of the 'X509IssuerName' XML element contained in the 'META-INF\documentsignatures.xml' file without needing to re-sign the digital certificate. When the application validates the certificate, the forged certificate will be accepted.
Attackers can leverage this weakness to manipulate signed documents that contain malicious data in such a way that the signature remains intact.
This weakness results in a false sense of security and could help the attacker exploit latent vulnerabilities.
OpenOffice 2.3.0 and 2.2.0 are vulnerable; other versions may also be affected.
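As an added illustration (not code from this advisory or from OpenOffice), the following Python check lists X509IssuerName values in a documentsignatures.xml that no Reference in SignedInfo covers; such a name is not digest-protected, so a verifier should take the issuer from the embedded certificate instead. It assumes the W3C XML-DSig element layout; the function name, the sample XML and its Id values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # W3C XML-DSig namespace
# Constructed sample; digests, Ids and names are placeholders, not real data.
SAMPLE = """<document-signatures>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="ID_sig1">
 <SignedInfo>
  <Reference URI="content.xml"><DigestValue>AAAA</DigestValue></Reference>
  <Reference URI="#ID_date1"><DigestValue>BBBB</DigestValue></Reference>
 </SignedInfo>
 <SignatureValue>CCCC</SignatureValue>
 <KeyInfo><X509Data>
  <X509IssuerSerial><X509IssuerName>CN=Example CA,O=Example</X509IssuerName>
  <X509SerialNumber>1</X509SerialNumber></X509IssuerSerial>
  <X509Certificate>DDDD</X509Certificate>
 </X509Data></KeyInfo>
 <Object><SignatureProperty Id="ID_date1" Target="#ID_sig1"/></Object>
</Signature>
</document-signatures>"""

def unprotected_issuer_names(xml_text):
    """Return [(signature Id, issuer name)] for names no signed Reference covers."""
    findings = []
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        # Only same-document references ("#id") listed in SignedInfo can
        # digest-protect an element that lives inside the Signature itself.
        refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
        signed_ids = {r.get("URI", "")[1:] for r in refs
                      if r.get("URI", "").startswith("#")}
        covered = set()

        def walk(elem, protected):
            protected = protected or elem.get("Id") in signed_ids
            if protected:
                covered.add(elem)
            for child in elem:
                walk(child, protected)

        walk(sig, False)
        for name in sig.iter(DS + "X509IssuerName"):
            if name not in covered:
                findings.append((sig.get("Id"), (name.text or "").strip()))
    return findings

if __name__ == "__main__":
    print(unprotected_issuer_names(SAMPLE))
```

For documents from untrusted sources, parse with a hardened XML parser such as defusedxml rather than the standard-library parser used here.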
Affected Products:
- OpenOffice OpenOffice 2.2.0
- OpenOffice OpenOffice 2.3.0