Microsoft builds a sandbox for Office 2010

ronjor · #1 July 24th, 2009, 05:34 PM

Quote:

According to a post on the Microsoft Office product development group blog by Brad Albrecht, future Office programs are going to open all documents that are in any way suspect in a sandbox. While there, the document will have strictly limited ways of interacting with the system that it's running on. In particular, it won't be able to read, far less change, any local files. Java, for example, uses a similar sandbox mechanism to run applets obtained from the internet, without causing any hazard to the local system.

The H Security

funkydude · #2 July 24th, 2009, 05:41 PM

Brilliant news, thank you

Any news on any kind of beta?

Pedro · #4 July 24th, 2009, 06:50 PM

Quote:

Originally Posted by ssj100

Can someone please educate me how for example a .doc file can cause problems to your system? Thanks.

http://office.microsoft.com/en-us/pr...192301033.aspx

Kees1958 · #5 July 27th, 2009, 07:25 PM

Some data formats also contain small parts of programming code, have macro's wiritten in VBA, some contain meta data with code in it, some are in a format which also contains code, how much variations do you want?

Rmus · #6 July 28th, 2009, 12:43 AM

Quote:

Originally Posted by ssj100

Can someone please educate me how for example a .doc file can cause problems to your system? Thanks.

See this thread:

http://www.wilderssecurity.com/showthread.php?t=245775

Note that by using the .rtf extension, the attack can run from within MSWord, or Wordpad, if MSWord is not installed, as in the case with aigle.

Here is an old article, describing another means of using Office documents to drop malware:

Microsoft Office Security, part one
http://www.securityfocus.com/infocus/1874

----
rich

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search