Submission Summary: 0 pending, 15 declined, 4 accepted (19 total, 21.05% accepted)
Despite Sun's OpenOffice.org developer Malte Timmermann's claims to the contrary this kind of embedded scripting attack represents a real threat to OpenOffice.org users.
Back in June 2000 when Sun first announced the open sourcing of OpenOffice.org the twelfth email to the open discussion list put forward a two part solution for to provide OpenOffice users with Safe(r) Scripting using restricted mode execution by default and access by signed digital certificates. In October 2000 the issue of treating security as an "add-on" feature rather than a "system property" was again raised. Is it time to now introduce such measures to the OpenOffice.org Core to greatly reduce any future risk from scripted infections?"