Subject: Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook
From: Jesper M. Johansson (jjohanssBU.EDU)
Date: Mon Aug 07 2000 - 09:26:02 CDT


>Georgi Guninski security advisory #17, 2000

MS Word and MS Access vulnerability - executing arbitrary programs, may
be exploited by IE/Outlook

I must be missing something here. I don't understand what this issue has to
do with IE and Outlook. Is it just that I can use them to disseminate the
documents (i.e. attach them to an e-mail message or put a link to them on a web
page)? If so, aren't Netscape and every other mailer also vulnerable?

Word documents do not even open automatically in IE if it has been
configured properly. The default is to save them to disk first, which means
they get executed locally. That means that if the firewall is configured
correctly, UNC paths to the database do not work. Hopefully, you won't be
keeping local copies of a malicious database around either. Of course, if
you let Word open documents in place on the web, the game is over, but we
all knew that.

Jesper M. Johansson
