<3?php /** * This file is part of OPUS. The software OPUS has been originally developed * at the University of Stuttgart with funding from the German Research Net, * the Federal Department of Higher Education and Research and the Ministry * of Science, Research and the Arts of the State of Baden-Wuerttemberg. * * OPUS 4 is a complete rewrite of the original OPUS software and was developed * by the Stuttgart University Library, the Library Service Center * Baden-Wuerttemberg, the Cooperative Library Network Berlin-Brandenburg, * the Saarland University and State Library, the Saxon State Library - * Dresden State and University Library, the Bielefeld University Library and * the University Library of Hamburg University of Technology with funding from * the German Research Foundation and the European Regional Development Fund. * * LICENCE * OPUS is free software; you can redistribute it and/or modify it under the * terms of the GNU General Public License as published by the Free Software * Foundation; either version 2 of the Licence, or any later version. * OPUS is distributed in the hope that it will be useful, but WITHOUT ANY * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. You should have received a copy of the GNU General Public License * along with OPUS; if not, write to the Free Software Foundation, Inc., 51 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * * @category Application * @author Julian Heise * @author Thoralf Klein * @author Sascha Szott * @author Jens Schwidder * @copyright Copyright (c) 2010-2017, OPUS 4 development team * @license http://www.gnu.org/licenses/gpl.html General Public License */ $config = Zend_Registry::get('Zend_Config'); $pageLanguage = Zend_Registry::get('Zend_Translate')->getLocale(); $this->headMeta() ->prependHttpEquiv('Content-Type', 'text/html; charset=UTF-8') ->prependHttpEquiv('Content-Language', $pageLanguage); $this->headTitle('OPUS 4') ->setSeparator(' | '); if (isset($config->instance_name)) { $this->headTitle($config->instance_name); } if (isset($this->title)) { if ($this->moduleName !== 'frontdoor') { $this->headTitle($this->translate($this->title)); } else { // do not translate for frontdoor, because the document title is used $this->headTitle(htmlspecialchars($this->title)); } } $this->headLink() ->appendStylesheet('https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css') ->appendStylesheet($this->baseUrl() . '/' . $config->css->jqueryui->path, 'screen') ->appendStylesheet($this->layoutPath() . '/css/opus.css', 'screen,print') ->appendStylesheet($this->layoutPath() . '/css/admin.css', 'screen,print') ->appendStylesheet($this->layoutPath() . '/css/print.css', 'print') ->appendStylesheet($this->layoutPath() . '/css/custom.css') ->headLink(array( 'rel' => 'shortcut icon', 'type' => 'image/x-icon', 'href' => $this->layoutPath() . '/img/logo/favicon.ico')) ->headLink(array( 'rel' => 'search', 'title' => 'OPUS 4 Search', 'type' => 'application/opensearchdescription+xml', 'href' => $this->serverUrl() . $this->baseUrl() . '/solrsearch/opensearch')); $this->container = Zend_Registry::get('Opus_Navigation'); $jsFiles = array('searchutil.js', 'frontdoorutil.js', 'submit.js'); if (in_array($this->moduleName, array('admin', 'review', 'setup', 'account'))) { $jsFiles[] = 'theme.js'; $jsFiles[] = 'theme_lic.js'; $jsFiles[] = 'opus-ui.js'; } else if (in_array($this->moduleName, array('publish'))) { $jsFiles[] = 'filetypes.js'; } if ($this->jQueryEnabled()) { foreach (array_reverse($jsFiles) as $filename) { $this->headScript()->prependFile($this->layoutPath() . '/js/' . $filename); } $this->headScript()->prependFile($this->baseUrl() . '/' . $config->javascript->jqueryui->path); $this->headScript()->prependFile($this->baseUrl() . '/' . $config->javascript->jquery->path); } $appConfig = new Application_Configuration(); if ($appConfig->isLanguageSelectionEnabled()) { $languageSelectors = $this->languageSelector(); } else { $languageSelectors = null; } if (isset($config->javascript->latex->mathjax)) { $this->headScript()->appendFile($this->baseUrl() . $config->javascript->latex->mathjax, 'text/javascript'); } ?>
  • search hit 1 of 1
Back to Result List

Of­fice Do­cu­ment Se­cu­ri­ty and Pri­va­cy

  • OOXML and ODF are the de facto standard data formats for word processing, spreadsheets, and presentations. Both are XML-based, feature-rich container formats dating back to the early 2000s. In this work, we present a systematic analysis of the capabilities of malicious office documents. Instead of focusing on implementation bugs, we abuse legitimate features of the OOXML and ODF specifications. We categorize our attacks into five classes: (1) Denial-of-Service attacks affecting the host on which the document is processed. (2) Invasion of privacy attacks that track the usage of the document. (3) Information disclosure attacks exfiltrating personal data out of the victim's computer. (4) Data manipulation on the victim's system. (5) Code execution on the victim's machine. We evaluated the reference implementations – Microsoft Office and LibreOffice – and found both of them to be vulnerable to each tested class of attacks. Finally, we propose mitigation strategies to counter these attacks.

Export metadata

Additional Services

Metadaten
Author:Jens Müller, Fabian Ising, Vla­dis­lav Mla­de­nov, Chris­ti­an Mainka, Sebastian Schinzel, Jörg Schwenk
URL:https://www.usenix.org/conference/woot20/presentation/muller
Parent Title (English):14th USE­NIX Work­shop on Of­fen­si­ve Tech­no­lo­gies (WOOT 2020)
Publisher:USENIX
Document Type:Conference Proceeding
Language:English
Date of Publication (online):2020/08/21
Year of first Publication:2020
Provider of the Publication Server:FH Münster - University of Applied Sciences
Release Date:2020/08/21
Tag:Cyber Security; Open Document Format; docx
Faculties:Elektrotechnik und Informatik (ETI)
Publication list:Schinzel, Sebastian
Ising, Fabian
Licence (German):License LogoBibliographische Daten