Office XP security hole
-
Take a look at http://www.guninski.com/vv3-2demo.html This is *really* scary! A fix can be downloaded at http://www.codeit.dk/christian/xpfix.zip The source code (C++/MFC) is available here: http://www.codeit.dk/christian/xpfix_src.zip Christian Skovdal Andersen
-
DON'T RUN THIS!!! I've tried the first link like a fool, it tunnelled thru our firewall straight into my Dev Machine, popped up a cmd.exe box and Dir'd my c:\ This is damn worrying... Norm
Based on your response, Norm, I can only assume that the firewall I'm behind behaves a little more securely. When I click on the link, I'm told that there is 'no such host'. Although I don't understand the reference to Office XP in the subject. Chris
-
Chris, We're using BlackICE. What firewall are you using, so I can order it immediately? Norm
I'm at work and it's a very LARGE corporate network (+20,000 users). I actually have no idea what firewall software/hardware combination is in use. WRT BlackICE, check out www.grc.com for some comparisons about firewalls. I'll be interested to see what happens later at home, though. I use ZoneAlarm and have an always connected cable modem. I'll post what happens using that connection. Chris
-
Looking at the script code at the page, it's not going through any kind of firewall. It's all running on the client machine (your Dev Machine). A better firewall isn't going to help. Still, this is very bad. Just some VBScript and it could do some really bad things. Craig Dodge A catchy signature should appear here.
-
I just got a dialog box, telling about a runtime error in IE... - Anders Money talks, but all mine ever says is "Goodbye!"
-
So for those of us without OXP, and without the balls to run a random web page with known malicious script, care to explain what happens? --Mike-- http://home.inreach.com/mdunn/ Sometimes, arming yourself with a big pointy stake just won't do you any good.
-
Most of you guys probably aren't running Office XP. If you are running OXP, the .ocx that shows your inbox on the page has the ability to get the Application object, which has the ability (this guy found out) to run any command on the system. If you are not running OXP then you get a script error. Here's the article on the Reg: http://www.theregister.co.uk/content/4/20373.html -John
-
Not only that but it opened my Outlook inbox and displayed the first email in it, along with a note from the coder saying that the message can be deleted. Holy socks.... regards, Paul Watson Cape Town, South Africa e: paulmwatson@email.com w: vergen.org
-
There is an article here http://www.guninski.com/vv2xp.html For once the Microsoft bashing may be somewhat justified :-( Christian Skovdal Andersen
-
While this is indeed a security hole, it's simply the result of a mistake. Someone accidentally marked a control as safe for scripting when it wasn't. It's a simple fix in the registry. These kinds of bugs are always going to be difficult, and it really has little to do with Office or Windows or whatever. The most common kind of bug is a buffer overflow bug, and that can cause all kinds of havoc. Sadly, there is tons of code that works just fine, but exposes security holes. FTP programs, web servers, email programs, and many more, and they don't have to come from MS to do that.