Interesting paper from the PacSec 2006 security conference: OpenOffice / OpenDocument and MS Office 2007 / Open XML security (PDF)
Not too surprising when you come to think of it, there are tons of possibilities to embed various kinds of malware in the new office document formats. Also, you always have the risk of leaving sensitive metadata in there... If you publish stuff, you better convert to PDF before. But even that might leave sensitive data in the PDF, mind you!
Oh, and one nice detail you might enjoy:
And that doesn't even describe all of the format (e.g. VBA macros are missing)! No further comment required...
Ladies and gentlemen, please welcome with me ISO/IEC 26300:2006, the freshly published OSI standard, better known as OpenDocument Format (ODF).
For the uninitiated, ODF is
an open XML-based document file format for saving and exchanging editable office documents (including memos, reports, and books), spreadsheets, charts, and presentations. OpenDocument was developed as an application-independent file format by OASIS (Organization for the Advancement of Structured Information Standards), a vendor-neutral standards organization.
ODF is currently employed by OpenOffice 2.0, KOffice, Abiword, and tons of other applications. Lots of other office suites and programs will likely follow. The recently formed ODF Alliance now has more than 150 member organizations.
(via Nico Golde)