| From: Akemi Yagi <amyagi@xxxxxxxxx> | Macros are a useful part of any office suite, allowing users to automate | repetitive tasks. These tasks include potentially destructive actions such | as modifying and deleting files, which is why macros are of interest to | virus writers. | It is possible in any capable macro language, including those in | OpenOffice.org, to write simple 'virus-like' programs. Currently, | OpenOffice.org follows industry best practice to mitigate the risk. The best practice is not to have a macros feature capable of causing havoc. | However, the OpenOffice.org community repeats the consistent message from | security experts that users should never accept files from unknown | sources. That is silly advice. 1. dangerous things can come (or appear to come) from known sources. 2. it is common practice to share files and there are good reasons to do so. (This is more useful than any macro capability.) It would appear that the advice is only given to attempt to duck responsibility. The right fix is to the macro feature of Open Office. I seem to remember that this kind of vulnerability was observed and eliminated from troff over 20 years ago.
