|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: (New ?) Macro security hole in Word 97
From: Bronek Kozicki (brok
RUBIKON.PL)Date: Sat Jul 22 2000 - 15:34:24 CDT
- Next message: Max Vision: "Re: Roxen Web Server Vulnerability"
- Previous message: Wichert Akkerman: "Re: Cobalt RaQ 3 security hole?"
- In reply to: Bongard, Dominique: "(New ?) Macro security hole in Word 97"
- Reply: Bronek Kozicki: "Re: (New ?) Macro security hole in Word 97"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: "Bongard, Dominique" <Bongard.DominiquePMINTL.CH>
Sent: Friday, July 21, 2000 9:46 AM
> When the next user on my station opened word, the file was automatically
> opened, and the macro executed without asking for any confirmation.
I have found the same problem on Windows 2000, running MS Word 2000 (without
SR1). Temp file was saved in my private TEMP directory, not system-wide. I
have international (Polish) version of Windows 2000 and Office 2000.
Together with another vulnerability ("Force Feeding" - bugtraqid 1394) this
could be very dangerous - simple HTML may put
Auto_Recovery_of_eat_me_now.asd
in user's temp directory. When he/she starts MS Word, it will be
executed, regardless of Word macro setting. I have not tested it - "force
feeding" does not work for me.
Regards
B.
- Next message: Max Vision: "Re: Roxen Web Server Vulnerability"
- Previous message: Wichert Akkerman: "Re: Cobalt RaQ 3 security hole?"
- In reply to: Bongard, Dominique: "(New ?) Macro security hole in Word 97"
- Reply: Bronek Kozicki: "Re: (New ?) Macro security hole in Word 97"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]