funsec mailing list archives
Re: Are Office document files also an attack vector for the .WMF flaw?
From: Tom Van Vleck <thvv () multicians org>
Date: Thu, 29 Dec 2005 11:03:16 -0500
On Dec 29, 2005, at 10:34 AM, Richard M. Smith wrote:
I suspect that a booby-trapped .WMF file can be embedded in Office files (Word, Excel, PowerPoint, ....) and will auto-execute when a document fileis opened.
I think it's worse than that.. it's not just WMF. Native Word etc may also be vulnerable to buffer overflow attacks, unless they rigorously check every value when reading their proprietary files. I have seen Word crash when attempting to open a damaged .doc file, which shows that it didn't check perfectly. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Are Office document files also an attack vector for the .WMF flaw? Richard M. Smith (Dec 29)
- Re: Are Office document files also an attack vector for the .WMF flaw? Tom Van Vleck (Dec 29)
- RE: Are Office document files also an attack vector for the.WMF flaw? Peter Kruse (Dec 29)
- RE: Are Office document files also an attack vector for the.WMF flaw? Larry Seltzer (Dec 30)