[19349] in bugtraq
Re: MSword execution of dlls
daemon@ATHENA.MIT.EDU (Ben Greenbaum)
Fri Feb 23 12:26:06 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.30.0102230959400.25252-100000@mail>
Date: Fri, 23 Feb 2001 10:04:31 -0700
Reply-To: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
From: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010223024719.68A7E25121B@lists.securityfocus.com>
Yes, there are several ways to execute code from Word locally, many
obscure or even completely undocumented (and a few probably completely
unintentional). However I don't see the need to inundate bugtraq with the
lists of them that are being submitted, as they do not in and of
themselves constitute a risk. If people have specific examples of
scenarios where a lock-down procedure or product fails to block access to
something that is supposed to be blocked, that is a different matter, but
please do not submit things that only give you the same access level you
already have :)
Thank you,
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
