Bugtraq mailing list archives
Re: Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability
From: Jimmy_Kuo () NAI COM (Kuo, Jimmy)
Date: Wed, 11 Aug 1999 01:03:14 -0700
3. It changes All the 3rd Bytes of EditFlags Entries (All from MS Office documents which contain Docking Objects) to 00. It doesn't allow you to see what's happening, nor let you change an specific EditFlags...
This is available from the AV community since January to address the Russian New Year exploit but would address this issue as well. Feed into REGEDIT or REGEDT32. For full description, see proceedings from InfoSec-Paris, June 1999. It's the third set of zeros that matter. ----------8<---cut here--->8------------- REGEDIT4 [HKEY_CLASSES_ROOT\Word.Addin.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Backup.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Document.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Template.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Wizard.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Excel.Chart.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Excel.Sheet.8] "EditFlags"=hex:00,00,00,00 ----------8<---cut here--->8------------- For Office 2000, replace ".8" with ".9". Add platforms and other extensions at your leisure. Jimmy Kuo
Current thread:
- Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability Wanderley J. Abreu Jr. (Aug 09)
- Re: Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability BUGTRAQ () SECURITYFOCUS COM Bronek Kozicki (Aug 11)
- <Possible follow-ups>
- Re: Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability Kuo, Jimmy (Aug 11)