Bugtraq mailing list archives
Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
From: Matthew Dharm <mdharm () ONE-EYED-ALIEN NET>
Date: Mon, 18 Sep 2000 13:00:09 -0700
On Mon, Sep 18, 2000 at 11:58:41AM -0700, Microsoft Security Response Center wrote:
If anyone can devise a compelling exploit scenario for this issue -- one that would allow a malicious user to exploit it without the user's consent -- we'd be most interested in investigating it. Regards,
Consider the case of an e-mail program which, like many on the market, places all attached files in a particular directory, and offers a way to open these documents from within the message-viewing screen. These programs often invoke the same or similar code paths as double-clicking the document itself. In this case, the user will see two files -- the document and the dll. They may believe that they are safe if they simply do not execute the dll. However, by launching the document they will invoke the code in the dll. They could even have installed protection against "macro virii" and believe they are safe from malicious documents. Matt Dharm -- Matthew Dharm Home: mdharm () one-eyed-alien net G: Let me guess, you started on the 'net with AOL, right? C: WOW! d00d! U r leet! -- Greg and Customer User Friendly, 2/12/1999
Attachment:
_bin
Description:
Current thread:
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Microsoft Security Response Center (Sep 18)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Timothy J. Miller (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases John Lange (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorermay execute arbitrary programs in some cases Crist Clark (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Chip Andrews (Sep 20)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Matthew Dharm (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases aleph (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Milan Kopacka (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases van der Kooij, Hugo (Sep 19)
- <Possible follow-ups>
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Todd Ransom (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Francis Favorini (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases John Wiltshire (Sep 20)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Timothy J. Miller (Sep 19)