[25006] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: More Office XP problems

daemon@ATHENA.MIT.EDU (Paul Szabo)
Tue Apr 9 01:49:16 2002

Date: Mon, 8 Apr 2002 06:46:49 +1000 (EST)
From: psz@maths.usyd.edu.au (Paul Szabo)
Message-Id: <200204072046.g37KknF282113@milan.maths.usyd.edu.au>
To: BUGTRAQ@securityfocus.com, kevin@kbrownfox.net

Kevin Brown kevin@kbrownfox.net wrote:

> RTF is a benign file format and does not support scripting or embedded
> HTML tags.

It does macros, and may cause exploitable buffer overflows in viewers.
You must have the MS security patches

  RTF document linked to template can run macros without warning:
    http://www.microsoft.com/technet/security/bulletin/ms01-028.asp 

  Malformed RTF Control Word:
    http://www.microsoft.com/technet/security/bulletin/ms00-005.asp 

installed.

Cheers,

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[25006] in bugtraq

RE: More Office XP problems

daemon@ATHENA.MIT.EDU (Paul Szabo)Tue Apr 9 01:49:16 2002

daemon@ATHENA.MIT.EDU (Paul Szabo)
Tue Apr 9 01:49:16 2002