Subject: Re: Wordpad vulnerability, exploitable also in IE for Win9x
From: Craig Williams (craig.williamsHOOKRISE.COM)
Date: Wed Feb 23 2000 - 10:48:04 CST


I don't see how you can blame MS for this. It's just the same as "open with
..." or "save as" - if you open a document you don't know AND then double
click an object inside it, you deserve whatever you get.

My 2c ;)

Craig

Disclaimer:
The opinions expressed in this advisory and program are my own and not
of any company.

> -----Original Message-----
> From: Georgi Guninski [mailto:joroNAT.BG]
> Sent: 23 February 2000 14:29
> To: win2ksecadviceLISTSERV.NTSECURITY.NET
> Subject: Wordpad vulnerability, exploitable also in IE for Win9x
>
>
> Georgi Guninski security advisory #7, 2000
>
> Wordpad vulnerability, exploitable also in IE for Win9x
>
> Disclaimer:
> The opinions expressed in this advisory and program are my own and not
> of any company.
> The usual standard disclaimer applies, especially the fact that Georgi
> Guninski is not liable for any damages caused by direct or indirect use
> of the information or functionality provided by this program.
> Georgi Guninski bears NO responsibility for content or misuse of this
> program or any derivatives thereof.
>
> Description:
> There is a vulnerability in Wordpad which allows executing arbitrary
> programs without warning the user after activating an embedded or linked
> object. This may be also exploited in IE for Win9x.
>
> Details:
> Wordpad executes programs embedded in .doc or .rtf documents without any
> warning if the object is activated by double-click.
> This may be exploited in IE for Win9x using the view-source: protocol.
> The view-source: protocol starts Notepad, but if the file is large, then
> the user is asked to use Wordpad.
> So creating a large .rtf document and creating an HTML view-source: link
> to it in an HTML page or HTML based email message will prompt the user to
> use Wordpad and a program may be executed if the user double-clicks on an
> object in the opened document.
>
> Demonstration which starts AUTOEXEC.BAT:
> http://www.whitehats.com/guninski/wordpad1.html
>
> Workaround: Do not activate objects in Wordpad documents
>
> Copyright Georgi Guninski
>
> Regards,
> Georgi Guninski
> http://www.nat.bg/~joro
>
> _____________________________________________________________________
> ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
> ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
> SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net
>
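
A defensive check for the delivery path the advisory describes, as an added example that is not part of the original posts: it lists OLE objects in an RTF file via the RTF control words \object, \objemb, \objlink, \objclass and \objdata, and flags view-source: links in HTML. The function names, sample inputs and the example.invalid URL are constructed for illustration.

```python
import re

# OLE-object control words from the RTF specification.
OBJ_KIND = {"objemb": "embedded", "objlink": "linked", "objautlink": "linked"}
CTRL_WORD = re.compile(r"\\([a-z]+)(-?\d+)?")
OBJ_CLASS = re.compile(r"\\objclass\s+([^{}\\]+)")
VIEW_SOURCE = re.compile(r"""href\s*=\s*["']?\s*(view-source:[^"'\s>]+)""", re.I)

# Constructed samples: harmless placeholder payload and a reserved test domain.
SAMPLE_RTF = (r"{\rtf1\ansi Notes {\object\objemb{\*\objclass Package}"
              r"\objw1440\objh1440{\*\objdata 00000000}}\par end}")
SAMPLE_HTML = ('<a href="view-source:http://example.invalid/big.rtf">notes</a> '
               '<a href="http://example.invalid/">home</a>')


def _group_end(text, start):
    """Index just past the '}' that closes the RTF group opened at start."""
    depth, i = 0, start
    while i < len(text):
        ch = text[i]
        if ch == "\\":      # skip the escaped character (\{, \}, \\)
            i += 2
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return len(text)        # unbalanced braces: scan to end of file


def find_objects(rtf):
    """Return kind, class name and payload presence for each OLE object."""
    found = []
    for m in re.finditer(r"\{\\object(?![a-z])", rtf):
        group = rtf[m.start():_group_end(rtf, m.start())]
        words = {word for word, _ in CTRL_WORD.findall(group)}
        kind = next((k for w, k in OBJ_KIND.items() if w in words), "unknown")
        cls = OBJ_CLASS.search(group)
        found.append({"kind": kind, "has_data": "objdata" in words,
                      "class": cls.group(1).strip() if cls else None})
    return found


def find_view_source_links(html):
    """Return every href target that uses the view-source: scheme."""
    return VIEW_SOURCE.findall(html)
```

A mail or web gateway could run both functions on inbound content and quarantine messages where a view-source: link points at a document that contains embedded or linked objects.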
