Penetration Testing mailing list archives
Re: [PEN-TEST] Usability of MS-Office Products
From: "Deus, Attonbitus" <Thor () HAMMEROFGOD COM>
Date: Tue, 5 Sep 2000 06:22:49 -0700
These don't use the 'phone home' embedded HTML/Image that is all the rage on bt, but I can give you a couple of cool ones that use Office products.

If you have not used the IE/Access exploit yet, it is worthy of a look. It allows the execution of a remote Access db via HTTP using the Object tag, and executes by simply previewing an email - not attachments or anything like that. Quite cool, but there is a fully supported patch out and it received some publicity, so it may have been fixed in a few places (though, the patch was IE version specific even to what SP you had, so I doubt a comprehensive rollout has been done everywhere).

The other requires NetBIOS, but it also allows for an Access file to launch when you specify it as the source of a mail merge doc in Word. This one would be great if you were already inside, and wanted to execute arbitrary code on a box. Basically, send an email to the domain admin with an attached Word file. When he opens the Word doc, the Access code executes and bada-bing. This seems to be 'designed' behavior, and no patch has been released as far as I have seen.

There are lots more (along with details on how to do each) if you just want to search bt for 'Office'. You should get lots of returns. Also, check out Georgi Guninski's site - he seems to be the authority on this stuff:

http://www.nat.bg/~joro/

----------------------------------------------------------------
Attonbitus Deus
thor () hammerofgod com

----- Original Message -----
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Monday, September 04, 2000 10:39 PM
Subject: [PEN-TEST] Usability of MS-Office Products
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Currently there's an ongoing discussion on Bugtraq concerning the possibility of embedding hidden html-commands inside of office documents. Anybody already looked at that from an intruder's point of view? I'm not sure yet, since I don't use those products much, but I think this might have possibilities, especially on Win9x-systems.

SaS

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1 Int.
Comment: Even paranoiacs have enemies!

iQA/AwUBObR4pvNEKPH/spuMEQLioQCgt2mSdjSnPuTbJx2mQcsA9wB1P58An1TI
4necrjx361fYqP+0SdSWgip6
=OZ0r
-----END PGP SIGNATURE-----