Full Disclosure mailing list archives
Re: FW: Microsoft Security Bulletin MS03-035
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 16 Oct 2003 14:57:16 +1300
"Alex Mega" <korund () hotmail com> wrote:
What is the essence of MS Word bug Microsoft Security Bulletin MS03-035: Flaw in Microsoft Word Could Enable Macros to Run Automatically(827653) There are no details of bug nature in this bulletin, just general info. What's, in fact, is this Word macro malfunction itself?
Basically there is a "magic bit" that is checked at an early level of the "macro security checking" process, but which is not checked at other levels of macro functionality __AND__ that is irrelevant to later functionality of any macros present. Thus the early "are theer macros to worry about" check can decide "nope -- all clear" and then later parts of the file parsing will see the macros and process them. This is especially problematic in this case as the "there are no macros to worry about" decision fails open, meaning that the macros that it can let "slip by" are processed as if approved by the security checking process when, in fact, they were unseen by it. In short, as is so common with so many Microsoft "security" functions, the implementation of the security controls on a measure is almost entirely divorced from the actual implementation of the feature itself. It seems clear that "fail safe" is not part of any standard design conception at MS, yet MS wonders why it keeps getting pinged for "clearly not understanding security basics". How many more things like this will have to be found in MS products before the coders in Redmond accept that self-doubt is a necessary addition to their apparrently deluded self-image of "perfection"? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- FW: Microsoft Security Bulletin MS03-035 Alex Mega (Oct 15)
- Re: FW: Microsoft Security Bulletin MS03-035 Nick FitzGerald (Oct 15)
- <Possible follow-ups>
- RE: FW: Microsoft Security Bulletin MS03-035 Discini, Sonny (Oct 15)