Bugtraq mailing list archives

Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook

From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Thu, 10 Aug 2000 17:04:51 -0700

"This may be exploited also by visiting a web page with IE or
opening/previewing HTML email message with Outlook."

While this sentence is accurate, it is misleading as this vulnerability
can be exploited via any delivery mechanism at all, including Netscape
Navigator, Netscape Messenger, ftp etc. As long as the file is delivered
and opened in a vulnerable version of Word/Access, it works.

Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com

Current thread:

MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook Georgi Guninski (Aug 07)
- <Possible follow-ups>
- Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook Ben Greenbaum (Aug 11)
  - Re: MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook David LeBlanc (Aug 14)