|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-Id: <Pine.LNX.4.21.0009190607170.2608-100000@vechtrovna.kolej.mff.cuni.cz> Date: Tue, 19 Sep 2000 06:18:54 +0200 Reply-To: Milan Kopacka <mkop5230@MAIL.KOLEJ.MFF.CUNI.CZ> From: Milan Kopacka <mkop5230@MAIL.KOLEJ.MFF.CUNI.CZ> X-To: Microsoft Security Response Center <secure@MICROSOFT.COM> To: BUGTRAQ@SECURITYFOCUS.COM In-Reply-To: <C10F7F33B880B248BCC47DB4467388473493B2@red-msg-07.redmond.corp.microsoft.com> On Mon, 18 Sep 2000, Microsoft Security Response Center wrote: > If anyone can devise a compelling exploit scenario for this issue -- > one that would allow a malicious user to exploit it without the user's > consent -- we'd be most interested in investigating it. If the user downloads an archive file (ZIP, ...) containing several files including this DLL and some Office files, he will likely extract them all to one directory. He may then open the Office files from this directory without checking the other files hanging around. Regards, Milan Kopacka
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |