Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wordpad vulnerability, exploitable also in IE for Win9x

From: toasty () DRAGONDATA COM (Kevin Day)
Date: Wed, 23 Feb 2000 11:31:30 -0600



Georgi Guninski security advisory #7, 2000

Wordpad vulnerability, exploitable also in IE for Win9x

Description:
There is a vulnerability in Wordpad which allows executing arbitrary
programs without warning the user after activating an embedded or linked
object. This may be also exploited in IE for Win9x.

Demonstration which starts AUTOEXEC.BAT:
http://www.whitehats.com/guninski/wordpad1.html
Workaround: Do not activate objects in Wordpad documents

Copyright Georgi Guninski


For reference, on my Win2000 system with IE5 and Office 2000 installed, it
instead gives me a dialog box which says:

"You are about to activate an embedded object that may contain viuses or be
otherwise harmful to your computer. It is important that it is from a
trustworthy source. Do you want to continue?"

It appears that it's launching Word instead of Wordpad, if you have Word
installed. (Makes sense, since they probably want to associate rtf with
Word).

Kevin
Previous By Date Next
Previous By Thread Next

Current thread: