Christian Huitema wrote:
In May of this year, patches were needed to mitigate ongoing PPT threats.
http://technet.microsoft.com/en-us/security/bulletin/ms11-036
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://blogs.technet.com/b/mmpc/archive/2009/04/02/new-0-day-exploits-using-powerpoint-files.aspx
A quick look at http://www.adobe.com/support/security/ shows that PDF
is not immune to security issues, and has at least as many bulletins
out as PowerPoint. Complex presentations formats require complex code,
and nobody is perfect.
Not every PDF viewer is so obsessive as the one from Adobe about
trying execute every bit that looks even remotely executable, besides
javascript also every content where the addition of length fields
wraps in integer math.
Just saying, but if we want to ensure that presentations are
readable 50 years from now, and do not embed some kind of
malicious code, we might stick to ASCII text, right?
I would not go as far as that,
but forcing a format that is free from active content
is probably a good start:
http://en.wikipedia.org/wiki/PDF/A
I would also not mind when the Upload _accepts_ PPT or PPTX, when
the IETF tools backend would perform the conversion to PDF/A by itself.
-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf