[Esd-l] ANN: devel sanitizer now has check for Office BO attack
John D. Hardin
jhardin at impsec.org
Thu Sep 4 21:34:10 PDT 2003
All:
The recently announced Microsoft Office Suite buffer overflow
vulnerability:
http://www.securityfocus.com/archive/1/336027/2003-08-31/2003-09-06/0
...is now detected by the Office Macro Scanner in the development
version of the Sanitizer available at:
http://www.impsec.org/email-tools/development/html-trap.procmail
I will run it here until this weekend, then do an official release if
no problems occur. If you don't want to wait until this weekend you
can grab the devel sanitizer, or you can add the following code
snippet to your existing sanitizer:
if (/\000(ID="{.{36}[^}][^\000\012\015]{5,})/i) { #\
$why .= " 99 for $1\n"; #\
$score+= 99; #\
} #\
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
62 days until Matrix Revolutions
More information about the esd-l
mailing list