oss-sec mailing list archives
Re: Remote file inclusion by office applications
From: Florian Weimer <fweimer () redhat com>
Date: Fri, 14 Dec 2012 09:33:51 +0100
On 12/13/2012 07:53 PM, Daniel Kahn Gillmor wrote:
For local file inclusion, libreoffice at leasts prompts me with: ----------- This document contains one or more links to external data. Would you like to change the document, and update all links to get the most recent data? [Yes] [No] ----------- but it doesn't tell me what those documents are.
This is based on a similar Microsoft Office prompt and implements required functionality (for different use cases involving linked documents). It is not a security prompt by any means, and it predates macro security prompts by several years.
(I'm pretty sure Microsoft Office supports external documents with UNC names, FWIW.)
-- Florian Weimer / Red Hat Product Security Team
Current thread:
- Remote file inclusion by office applications Timo Warns (Dec 13)
- Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
- Re: Remote file inclusion by office applications Timo Warns (Dec 13)
- Re: Remote file inclusion by office applications Daniel Kahn Gillmor (Dec 13)
- Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
- Re: Remote file inclusion by office applications Tim Brown (Dec 13)
- Re: Remote file inclusion by office applications Florian Weimer (Dec 14)
- Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)