Bugtraq mailing list archives

Re: MSword execution of dlls

From: "Ryan W. Maple" <ryan () GUARDIANDIGITAL COM>
Date: Thu, 22 Feb 2001 13:59:23 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Thu, 22 Feb 2001, Anders Ingeborn wrote:

Solution: We have discussed this with MS support (2001-01-29) and
according to them this should be handled/prevented by setting access
control lists so that users are given read-only rights and restricted
from running applications in the directory where the document and .dll
are stored.


Not to bash Microsoft, but it sounds to me like this is just blurring the
issue.  If you can open up a Word document and have it execute arbitrary
code, then the software is broken.  IMHO, you should not have to setup
ACLs to protect yourself from your own software.  I take it from your
comment that they are not planning on fixing it.

Just my worthless $.02 :)

Cheers,
Ryan

 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
   Ryan W. Maple          "I dunno, I dream in Perl sometimes..."  -LW
   Guardian Digital, Inc.                     ryan () guardiandigital com
 +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6lWGOIwAIA9MpKWcRAnUdAKCwxKOk1HGroMoTeS4v3AJOfl/1dQCfWD4J
CnamRC1B9Udm+AGVOcQ7eZo=
=yyAt
-----END PGP SIGNATURE-----

Current thread:

MSword execution of dlls Anders Ingeborn (Feb 22)
- Re: MSword execution of dlls Ryan W. Maple (Feb 22)
- Re: MSword execution of dlls H D Moore (Feb 22)
- <Possible follow-ups>
- Re: MSword execution of dlls Ben Greenbaum (Feb 23)