[Esd-l] Modifying the sanitizer to scan for INCLUDETEXT fields

John D. Hardin jhardin at impsec.org
Sun Oct 6 11:52:01 PDT 2002

On Wed, 2 Oct 2002, Brett Glass wrote:

> You may also want to scan for an INCLUDEPICTURE field. According
> to some recently published articles, it's potentially even more
> dangerous than INCLUDETEXT because it can contain an arbitrary URL
> that can be generated from VBA variables and/or function calls.

Okay, I generated a sample document to see what they look like and
added a check for them to the macro scanner.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
   73 days until The Two Towers

More information about the esd-l mailing list