Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures (www.usenix.org)

submitted 1 year ago by execveat@infosec.pub to c/research@infosec.pub

0 comments fedilink hide all child comments

OOXML signatures are rendered pretty much useless due to 3 flaws in specification and 2 flaws in implementation.

"The vulnerabilities have been acknowledged by Microsoft. However, Microsoft has decided that the vulnerabilities do not require immediate attention."

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 12 Jun 2023

7 points (100.0% liked)

Research

292 readers

1 users here now

/r/netsec's branch in the fediverse.

A community-curated aggregator of technical research. Our mission is to extract signal from the noise.

Only post technical content here. New tools (and major releases of existing ones), novel techniques, deep dives and post mortems are the ideal content. CTF and bug bounty writeups could be acceptable if they showcase lesser known approaches or techniques.

Non-technical content (both beginner and CISO level) will be considered spam.

founded 1 year ago

MODERATORS

execveat@infosec.pub