New Office XP security problems

Discussion in 'other security issues & news' started by Paul Wilders, Apr 2, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Summary

    Two new security vulnerabilities in Office XP has been discovered, one of the vulnerabilities will allow an attacker to cause an end user to execute arbitrary JavaScript automatically upon forwarding or replying to an email, the other allows saving of files to the user's local hard drive with the content we desire it to include.


    Details

    Systems affected:
    Office XP

    There are at least two new vulnerabilities in Office XP:
    1. It is possible to embed active content (Object and Script) in HTML based emails that is triggered if the user chooses to reply or forward the email.

    2. A bug in Microsoft's Spreadsheet component allows saving of local files to anywhere on the user's hard drive and to control the content of that file.

    The vulnerability is caused by the Host() function (this vulnerability can be exploited remotely with the help of vulnerability #1). The Host() function allows creating of files with arbitrary names and control their content. This is sufficient to place an executable file (.HTA) in user's startup directory that would in turn allow taking full control over user's computer (This probably may be called Cross Application Scripting because one application uses object from another application).

    -----

    source: securiteam.com
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.