Results 1 to 3 of 3

Thread: New Office XP Vulnerability

  1. #1
    Senior Member
    Join Date
    Jan 2002

    Exclamation New Office XP Vulnerability




    April 3, 2002


    In a post to Bugtraq on April 2, security researcher Georgi Guninski
    described two security vulnerabilities involving components of
    Microsoft Office XP. The first results in the unexpected execution
    of hostile scripts on your system; the second allows an attacker to
    deliver executable files to your hard drive. A hacker could combine
    these vulnerabilities, craft a malicious e-mail, then deliver and
    run malicious code intended to take over your system. There is no
    direct impact on WatchGuard products. If you use Microsoft Office XP
    in your network, consider implementing the workarounds described
    below until a patch becomes available.


    Guninski describes two Microsoft Office XP vulnerabilities in his
    advisory <http://www.guninski.com/m$oxp-2.html>:

    1. Guninski found that it is possible to embed a script within an
    HTML formatted e-mail so that the script executes without warning
    when a user receives the e-mail in Outlook XP, then replies to or
    forwards it. A hacker could use this vulnerability to force
    victim systems to execute a malicious HTML script. This would
    most likely result in pranks that are more annoying than
    damaging, such as changing your browser's home page to an
    offensive site, popping up a hundred browser windows, or popping
    up a dialog box that will not go away. The greater danger is that
    the script could drive your browser to some designated malicious
    Web page, where Trojan code could be loaded onto your machine.

    2. Guninski also found a vulnerability in Office XP's spreadsheet
    component, the code that embeds Excel spreadsheets into HTML and
    Office documents. A flawed function within this component allows
    a hacker to write an arbitrary file to a specific location on
    your hard drive. A hacker could exploit this flaw by sending you
    an HTML e-mail with an embedded spreadsheet that would write a
    malicious program into your Windows startup directory.

    According to Guninski, a hacker can combine these vulnerabilities to
    take over your system. For instance, a hacker could craft a
    malicious HTML e-mail containing an embedded spreadsheet. If you
    replied to or forwarded the malicious e-mail, a script would execute
    and the spreadsheet component would write a Trojan to your startup
    directory. The next time you booted your computer, the hacker would
    have total control of your system.


    Microsoft has not yet released a patch for these two
    vulnerabilities. However, Microsoft states (and WatchGuard testing
    verifies) that you can avoid the Outlook XP script execution
    vulnerability by disabling Word as your default e-mail editor. In
    Outlook XP, go to Tools => Options => Mail Format tab and uncheck
    "Use Microsoft Word to edit e-mail messages." After you do this,
    scripts will not be able to execute when you reply to or forward

    There is no known, verified workaround for the Office XP spreadsheet
    component vulnerability.
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member
    Join Date
    Aug 2001
    "...Microsoft has not yet released a patch for these two vulnerabilities..."
    as always...

    thx for the warning...

    "Knowledge is the Real Power"

  3. #3
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts