Offerman Consulting

Proprietary OOXML document format makes you more vulnerable to attacks

Author: Adrian Offerman

Using the proprietary OOXML document format, i.e. docx, pptx and xlsx, makes you more vulnerable to phishing and other attacks. Earlier this month, the Japanese anti-virus company Trend Micro published a blog post describing how the attack group "Operation Pawn Storm" uses spear-phishing mail messages with malicious Office documents to target the military, governments, defense industries and the media.

Four years ago, Thomas Caspers and Oliver Zendel from the German Federal Office for Information Security (BSI) already presented research results stating that most spear-phishing attacks targeting specific persons or a small group of victims use "launch actions" in Office and PDF documents to have their malicious code executed.

In their presentation, the security researchers provided a list of security advantages of open document formats:

  • open discussions about weaknesses in document formats;
  • enabling a deeper analysis of techniques used in attacks;
  • development of custom mechanisms to detect attacks;
  • adapting free software that is used for rendering and processing of document formats to individually specific purposes — also independently from the vendor;
  • prerequisite for software diversity;
  • promotion of a competitive environment for vendors.

They also provided an overview of the number of different elements in the various document formats, relating this complexity to security vulnerabilities:

Document format                                                        Number of different elements
Office Open XML (OOXML, proprietary)                                   1792
WordprocessingML (MS Office XML, proprietary predecessor to OOXML)     780
OASIS Open Document (ODF, open)                                        530

All in all, the researchers concluded, using the OpenDocument standard — the default format used by the open source package OpenOffice/LibreOffice — improves your IT security.