Bugtraq mailing list archives
Re: Wordpad vulnerability, exploitable also in IE for Win9x
From: toasty () DRAGONDATA COM (Kevin Day)
Date: Wed, 23 Feb 2000 11:31:30 -0600
Georgi Guninski security advisory #7, 2000 Wordpad vulnerability, exploitable also in IE for Win9x Description: There is a vulnerability in Wordpad which allows executing arbitrary programs without warning the user after activating an embedded or linked object. This may be also exploited in IE for Win9x. Demonstration which starts AUTOEXEC.BAT: http://www.whitehats.com/guninski/wordpad1.html Workaround: Do not activate objects in Wordpad documents Copyright Georgi Guninski
For reference, on my Win2000 system with IE5 and Office 2000 installed, it instead gives me a dialog box which says: "You are about to activate an embedded object that may contain viuses or be otherwise harmful to your computer. It is important that it is from a trustworthy source. Do you want to continue?" It appears that it's launching Word instead of Wordpad, if you have Word installed. (Makes sense, since they probably want to associate rtf with Word). Kevin
Current thread:
- Wordpad vulnerability, exploitable also in IE for Win9x Georgi Guninski (Feb 23)
- Re: Wordpad vulnerability, exploitable also in IE for Win9x Kevin Day (Feb 23)
- Re: Wordpad vulnerability, exploitable also in IE for Win9x Scott (Feb 23)
- How the password could be recover using FTP Explorer's registry! Nelson (Feb 24)
- Re: How the password could be recover using FTP Explorer's registry! Seth R Arnold (Feb 25)
- Re: How the password could be recover using FTP Explorer's registry! Rishi Lee Khan (Feb 27)
- Re: How the password could be recover using FTP Explorer's registry! Mikael Olsson (Feb 26)
- Re: How the password could be recover using FTP Explorer's registry! Jeffrey Paul (Feb 28)
- How the password could be recover using FTP Explorer's registry! Nelson (Feb 24)
- lynx - someone is deaf and blind ;) Michal Zalewski (Feb 27)
- EZ Shopper 3.0 shopping cart CGI remote command execution suid () SUID KG (Feb 27)
- Re: EZ Shopper 3.0 shopping cart CGI remote command execution Alex Heiphetz (Feb 28)
- W2K & ~25000+ temp files = crash + corruption? Clifford Hammerschmidt (Feb 28)