Bugtraq mailing list archives
Re: MSword execution of dlls
From: "Ryan W. Maple" <ryan () GUARDIANDIGITAL COM>
Date: Thu, 22 Feb 2001 13:59:23 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 22 Feb 2001, Anders Ingeborn wrote:
Solution: We have discussed this with MS support (2001-01-29) and according to them this should be handled/prevented by setting access control lists so that users are given read-only rights and restricted from running applications in the directory where the document and .dll are stored.
Not to bash Microsoft, but it sounds to me like this is just blurring the issue. If you can open up a Word document and have it execute arbitrary code, then the software is broken. IMHO, you should not have to setup ACLs to protect yourself from your own software. I take it from your comment that they are not planning on fixing it. Just my worthless $.02 :) Cheers, Ryan +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+ Ryan W. Maple "I dunno, I dream in Perl sometimes..." -LW Guardian Digital, Inc. ryan () guardiandigital com +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6lWGOIwAIA9MpKWcRAnUdAKCwxKOk1HGroMoTeS4v3AJOfl/1dQCfWD4J CnamRC1B9Udm+AGVOcQ7eZo= =yyAt -----END PGP SIGNATURE-----
Current thread:
- MSword execution of dlls Anders Ingeborn (Feb 22)
- Re: MSword execution of dlls Ryan W. Maple (Feb 22)
- Re: MSword execution of dlls H D Moore (Feb 22)
- <Possible follow-ups>
- Re: MSword execution of dlls Ben Greenbaum (Feb 23)