[Esd-l] Modifying the sanitizer to scan for INCLUDETEXT fields

John D. Hardin jhardin at impsec.org
Thu Sep 26 21:18:01 PDT 2002

On Thu, 26 Sep 2002, Brett Glass wrote:

> John:
> I've modified my own sanitizer to scan Word files for INCLUDETEXT
> fields in Word documents. Given Microsoft's non-response to this
> gaping hole, you might want to as well.
> --Brett Glass

This is the "steal-a-file" vulnerability?

Do you have a patch? Or is there a reference to the details of the
exploit that you could provide?

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
   83 days until The Two Towers

More information about the esd-l mailing list