Bugtraq mailing list archives
Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
From: aleph () SECURITYFOCUS COM
Date: Mon, 18 Sep 2000 14:23:54 -0700
I am sorry but that is a cop-out. There are plenty of scenarios where you could use this vulnerability to perform an escalation of privilege attack.

Imagine an intruder that has penetrated a company. He has obtained access to the company's file server which is used only to share data files, but he has not obtained access to the CEO's computer in which the data he wishes to obtain is stored. By looking at the file share traffic he knows the CEO opens Office documents on the file server, but he is a security-conscious guy and has disabled all macros and other dangerous functionality. The intruder is out of luck...

...Until now. Now the attacker only needs to drop a malicious DLL into the same folder as a file he knows the CEO opens on a regular basis on the file server and wait until he opens it and the DLL has not already been loaded. This is not an uncommon state. For example, this is the case when opening a document for the first time after the machine has rebooted. Once the malicious DLL loads the intruder has full access to the CEO's system.

I am sure you can think of other scenarios.

Also, it is likely to affect any Windows applications, not only Office, as the problem is in the core Windows functions for loading libraries. There is no reason these functions should trust a remote system unless explicitly told so, or even a local directory not owned by the user (Windows NT/2000).

In the same vein, just because most people are protected by a firewall it does not mean SMB should attempt to authenticate via NTLM automatically with anyone. It should observe the Security Zones settings the same way IE does, and now the W2K telnet client.

I am surprised you could not come up with this scenario given that you have in your group people that taught classes on how to make use of small vulnerabilities as stepping stones to breach corporate networks (hi Eric).

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
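A defender-side check for the condition the message above describes, added here as an example that is not part of the original post: it walks a file-share tree and reports every folder where a DLL sits next to Office documents. The extension list, the function names and the `MZ` header test are assumptions of this example.

```python
import os
import sys

# Assumption: extensions treated as Office documents; adjust for your share.
DOC_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot", ".mdb",
            ".docx", ".xlsx", ".pptx"}


def is_pe_file(path):
    """True if the file starts with the 'MZ' magic of a PE image."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def find_colocated_dlls(root):
    """Walk `root` and report folders holding both documents and DLLs.

    Returns a list of dicts with keys: folder, documents, dlls.
    Each DLL entry records its name, whether it is a PE image, and its mtime.
    """
    findings = []
    for folder, _dirs, files in os.walk(root):
        docs, dlls = [], []
        for name in sorted(files):
            ext = os.path.splitext(name)[1].lower()
            full = os.path.join(folder, name)
            if ext in DOC_EXTS:
                docs.append(name)
            elif ext == ".dll":
                dlls.append({"name": name, "is_pe": is_pe_file(full),
                             "mtime": os.path.getmtime(full)})
        # A data-only share has no reason to hold loadable modules beside documents.
        if docs and dlls:
            findings.append({"folder": folder, "documents": docs, "dlls": dlls})
    return findings


if __name__ == "__main__":
    for hit in find_colocated_dlls(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit["folder"])
        print("  documents:", ", ".join(hit["documents"]))
        for d in hit["dlls"]:
            kind = "PE image" if d["is_pe"] else "not a PE image"
            print(f"  DLL: {d['name']} ({kind})")
```

Run it against the root of the share; the recorded modification time of each flagged DLL can be compared with when the neighbouring documents were last opened.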
Current thread:
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Microsoft Security Response Center (Sep 18)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Timothy J. Miller (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases John Lange (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Crist Clark (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Chip Andrews (Sep 20)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Matthew Dharm (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases aleph (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Milan Kopacka (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases van der Kooij, Hugo (Sep 19)
- <Possible follow-ups>
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Todd Ransom (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Francis Favorini (Sep 19)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases John Wiltshire (Sep 20)
- Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Timothy J. Miller (Sep 19)