New Office XP security problems

Discussion in 'other security issues & news' started by Paul Wilders, Apr 2, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders


    Two new security vulnerabilities in Office XP have been discovered. One of the vulnerabilities will allow an attacker to cause an end user to execute arbitrary JavaScript automatically upon forwarding or replying to an email; the other allows saving of files to the user's local hard drive with the content we desire it to include.


    Systems affected:
    Office XP

    There are at least two new vulnerabilities in Office XP:
    1. It is possible to embed active content (Object and Script) in HTML-based emails that is triggered if the user chooses to reply to or forward the email.

    2. A bug in Microsoft's Spreadsheet component allows saving of local files to anywhere on the user's hard drive and to control the content of that file.

    The vulnerability is caused by the Host() function (this vulnerability can be exploited remotely with the help of vulnerability #1). The Host() function allows creating files with arbitrary names and controlling their content. This is sufficient to place an executable file (.HTA) in the user's startup directory, which would in turn allow taking full control over the user's computer. (This probably may be called Cross Application Scripting, because one application uses an object from another application.)
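A defensive check for issue 1 above, added here as an example and not part of the original post: it scans the HTML parts of a message for the Object and Script elements the post names, so a mail filter can flag or strip them before a reply or forward is composed. The function names and both sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"object", "script"}  # the two element types named in the post

# Constructed sample: multipart message whose HTML part carries active content.
SAMPLE_FLAGGED = """\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please reply.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>Please reply.</p>
<OBJECT id="placeholder"></OBJECT>
<script>/* placeholder */</script>
</body></html>
--b1--
"""

# Constructed sample: single-part HTML message with formatting only.
SAMPLE_CLEAN = "Content-Type: text/html\n\n<p>See you at <b>10:00</b>.</p>\n"

class ActiveContentFinder(HTMLParser):
    """Records (tag, line) for every active element; tag names arrive lowercased."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, self.getpos()[0]))

def find_active_content(raw_message):
    """Return (tag, line) pairs found in every text/html part of the message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # also covers a non-multipart message
        if part.get_content_type() == "text/html":
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            findings.extend(finder.findings)
    return findings
```

An empty result means no Object or Script element was found in any HTML part; it says nothing about other kinds of active content.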

