lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 14 Oct 2006 08:32:49 -0000
From: edubp2002@...mail.com
To: bugtraq@...urityfocus.com
Subject: Re: Secunia Research: Microsoft Windows Object Packager Dialog
 Spoofing

I knew about this particular flaw for some time . (honestly I found it by accident, like I think the the security researcher from secunia did...or maybe it leaked from where I posted it?!?!?!!! :P). 

This could be a bit more critical if :

1) a '\' (not a '/') was placed at the end of the command line followed by an arbitrary name which could be eg. '\mypicture.bmp ' then at the object icon, a real bmp icon is set and the object name set to 'mypicture.bmp' so that the packager would precisely show only 'mypicture.bmp' at the warning msg n not a part of the command line as it would appear if a '/' was put instead of '\'.

2) renaming the .RTF file to .WRI, that would make the file be opened in wordpad since by default WRI files are opened in wordpad even with MS Word installed, and therefore not needing to embed a wordpad document in a word / powerpoint / excel and then less user interaction would be required. Plus if u embed a real picture in Wordpad it does NOT show the picture, it shows the default icon for that kind of image, eg. a bmp picture. MS Word, on the other hand shows the picture inside the document not an icon.

well dont panic it is patched by now ;)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ