Mary Jo Foley mentions an Open XML conversions tool, and Robert Hensing's posting about MOICE codenamed wringer
…what MOICE does is it hijacks the file associations in the registry and redirects them to a process called ‘MOICE.EXE’. This process basically spawns the Office 2007 file format converter to up-convert the double-clicked Office 2003 document to the new Open XML file format. Oh and the converter runs in its own desktop with a super-locked down token (Dave is the freaking man!). Why run the converter in its own desktop with a super restricted token? Simple - what if the act of converting the file leads to an exploitable bug and / or code execution. This is effectively dropping the rights of the logged on user to *below* standard user levels in order to do the file conversion. Anyhoo - after the file is up-converted to the new Office 2007 file format - the theory is that the vulnerability will have been ‘wrung’ out (indeed the code name for this project was ‘Wringer’).”
So in other words Moice is an Open XML converter which converts to Open XML in a sandbox. As if it was dangerous to convert to Open XML! Explains the National Security Agency (NSA):
Malicious Office files often exploit vulnerabilities that exist in the parsing code used to open and save supported file types. Microsoft has responded to this type of threat by creating more robust parsers and by introducing new file formats in Office 2007. Further, the default file formats in Office 2007 (.docx, .xlsx, .pptx, etc.) are not allowed to contain embedded code or macros.
That is right, as Office 2007 files that contain macros use just another file extention: .docm (Word Microsoft Office Open XML Format Document with Macros Enabled), xlsm, pptm, etc.
Right or wrung theory?
What if the wringer is just a psychological tool to get users to adopt Open XML as a format? A kind of witch doctor trojan to infect your computer with the Open XML format conversion because you are afraid of viruses? Oh, they would never do that. I trust them. And trust is all about security. They know what's best for me and work hard to make my computer more secure and benefit my user experience with Open XML.
And what happens next. It would not surprise me to see security specialists publish open xml proof-of-concepts attacks. We are on the way to expose a new security open xml hell, 12 August:
In this month’s update for Excel we addressed … the first vulnerability to affect the new Open XML file format …. This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to a remote data source and checks a checkbox to have Excel NOT save the password used in that connection to the file. The checkbox had no affect when saving the file in the new Open XML (.XLSX) file format and the password was thus errantly saved to the file…
Or what about that one: Users want security, we have no security, we sold it out, we just have Open XML converters. ..use your imagination