[16824] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Double clicking on MS Office documents from Windows Explorer

daemon@ATHENA.MIT.EDU (Matthew Dharm)
Tue Sep 19 14:50:11 2000

Mail-Followup-To: Microsoft Security Response Center <secure@MICROSOFT.COM>,
                  BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
              protocol="application/pgp-signature"; boundary="1UWUbFP1cBYEclgG"
Content-Disposition: inline
Message-ID:  <20000918130009.B32151@one-eyed-alien.net>
Date:         Mon, 18 Sep 2000 13:00:09 -0700
Reply-To: Matthew Dharm <mdharm@ONE-EYED-ALIEN.NET>
From: Matthew Dharm <mdharm@ONE-EYED-ALIEN.NET>
X-To:         Microsoft Security Response Center <secure@MICROSOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <C10F7F33B880B248BCC47DB4467388473493B2@red-msg-07.redmond.corp.microsoft.com>; from secure@MICROSOFT.COM
              on Mon, Sep 18, 2000 at 11:58:41AM -0700

--1UWUbFP1cBYEclgG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 18, 2000 at 11:58:41AM -0700, Microsoft Security Response Cente=
r wrote:
> If anyone can devise a compelling exploit scenario for this issue --
> one that would allow a malicious user to exploit it without the
> user's consent -- we'd be most interested in investigating it.
> Regards,

Consider the case of an e-mail program which, like many on the market,
places all attached files in a particular directory, and offers a way to
open these documents from within the message-viewing screen.  These programs
often invoke the same or similar code paths as double-clicking the document
itself.

In this case, the user will see two files -- the document and the dll.
They may believe that they are safe if they simply do not execute the dll.
However, by launching the document they will invoke the code in the dll.
They could even have installed protection against "macro virii" and believe
they are safe from malicious documents.

Matt Dharm

--=20
Matthew Dharm                              Home: mdharm@one-eyed-alien.net=
=20

G:  Let me guess, you started on the 'net with AOL, right?
C:  WOW! d00d! U r leet!
					-- Greg and Customer=20
User Friendly, 2/12/1999

--1UWUbFP1cBYEclgG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5xnRJz64nssGU+ykRAqahAJ9TEhmMLX5VNPL7JHZ+g58nMJqbCwCfWoEn
r9R85rEkG/3aKNWFowX3eQc=
=ptqE
-----END PGP SIGNATURE-----

--1UWUbFP1cBYEclgG--

home help back first fref pref prev next nref lref last post