Vulnerability Development mailing list archives
Office 97 Word document vulnerability
From: "Young, Brandon" <Brandon.Young () Honeywell com>
Date: Tue, 1 Oct 2002 16:58:51 -0700
All, Has anyone tested this to determine if this exploit (http://online.securityfocus.com/archive/1/289268 ) will insert the whole file or just it's contents. To be more specific, would it be possible to use this exploit to get an end user to send you a copy of their PWL or SAM file (from repair directory)?
From the information I have seen, it is unclear as to exactly how the content is attached to the malicious document,
whether it is only including a copy of the actual text or of it is treating the file as an attachment. I plan to test this next week (hopefully) but thought I'd check to see if any of you have beaten me the punch. Thanks, Brandon
Current thread:
- Office 97 Word document vulnerability Young, Brandon (Oct 01)