dleblancMINDSPRING.COM

• Next message: H Carvey: "Re: reporting local security problems for WinNT (Re: Escalation of privileges)"
• Previous message: Jonathan Leto: "Neoboard 3.0 insecurely creates passwords"
• In reply to: Ben Greenbaum: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
• Reply: David LeBlanc: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 05:04 PM 8/10/00 -0700, Ben Greenbaum wrote:
>"This may be exploited also by visiting a web page with IE or
>opening/previewing HTML email message with Outlook."

>While this sentence is accurate, it is misleading as this vulnerability
>can be exploited via any delivery mechanism at all, including Netscape
>Navigator, Netscape Messenger, ftp etc. As long as the file is delivered
>and opened in a vulnerable version of Word/Access, it works.

It is also a good thing to note that either the Word file and the Access
database both have to be delivered at once, or the victim has to be able to
open the Access file in some manner. For example, posting an Access file to
some SMB share located on the internet, and then delivering the Word file
to a user behind a properly configured firewall (i.e., outbound SMB
connections are blocked) would not allow the exploit to fire.

David LeBlanc
dleblancmindspring.com

• Next message: H Carvey: "Re: reporting local security problems for WinNT (Re: Escalation of privileges)"
• Previous message: Jonathan Leto: "Neoboard 3.0 insecurely creates passwords"
• In reply to: Ben Greenbaum: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
• Reply: David LeBlanc: "Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]