Bugtraq mailing list archives
Gnumeric potential security hole.
From: miguel () GNU ORG (Miguel de Icaza)
Date: Tue, 3 Aug 1999 09:23:03 -0500
The Gnumeric spreadsheet contains a number of "plugins". Some of these plugins allow users to define functions in Perl, Python and Guile and export those to the Gnumeric engine. The Guile plugin was exporting a dangerous function that allowed any user to execute arbitrary scheme code. Which means that a gnumeric spredsheet file might have contained malicious code and it would have been executed when Gnumeric evaluates the contents of the cell. To fix this you can either: 1. Upgrade your Gnumeric to a new version of it. 2. You can remove the libgnumguile plugin from the system. best wishes, Miguel
Current thread:
- Gnumeric potential security hole. Miguel de Icaza (Aug 03)