[Esa-l]IMPSEC works - or does it.

John D. Hardin jhardin at impsec.org
Fri May 18 06:43:12 PDT 2001


On Fri, 18 May 2001, Howard Lowndes wrote:

> I assume that php used file magic to determine what the file type
> was and was able to display the spreadsheet because it clearly did
> not use the file name extension and the MIME type was
> application/octet-stream.

Running on a *nix box, that's a safe assumption.

> What concerns me is whether any macros would have been executable
> had they been embedded.

Did it just render the spreadsheet, or did Excel actually get started
on the client's computer (perhaps embedded in their browser)? If the
latter, then yes, macros probably would get executed.

In this case there's little the sanitizer could do.

Does anybody know of a strip-VBA-from-MS-Office-Documents perl module?

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at wolfenet.com      pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  An entitlement beneficiary is a person or special interest group
  who didn't earn your money, but demands the right to take your
  money because they *want* it.
                                  -- John McKay, _The Welfare State:
                                     No Mercy for the Middle Class_
-----------------------------------------------------------------------
   1264 days until the Presidential Election
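
An added example, not part of the original message and not code from the sanitizer: a content-based check for the case discussed above, where an attachment arrives as application/octet-stream under an uninformative file name yet is still recognized by file magic. The function names, the `report.dat` name, the sample bytes and the `_VBA_PROJECT` marker search are assumptions made for illustration; the marker search is a heuristic, not an OLE2 parser.

```python
import email
from email.message import EmailMessage

# Signature that opens every OLE2 compound file (legacy .xls/.doc/.ppt).
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# OLE2 directory entry names are stored as UTF-16LE; a VBA project
# contains a stream named "_VBA_PROJECT". Heuristic marker, not a parser.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def classify_attachments(raw_message: bytes):
    """Return (filename, declared_type, is_ole2, has_vba_marker) per attachment."""
    msg = email.message_from_bytes(raw_message)
    results = []
    for part in msg.walk():
        filename = part.get_filename()
        if part.is_multipart() or filename is None:
            continue
        payload = part.get_payload(decode=True) or b""
        # Decide on content, as file magic does, not on name or declared type.
        is_ole2 = payload.startswith(OLE2_MAGIC)
        has_vba = is_ole2 and VBA_MARKER in payload
        results.append((filename, part.get_content_type(), is_ole2, has_vba))
    return results


def build_sample(payload: bytes, filename: str = "report.dat") -> bytes:
    """Constructed message: attachment sent as application/octet-stream."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed byte strings, not real Office documents.
SAMPLE_WITH_VBA = OLE2_MAGIC + bytes(504) + VBA_MARKER + bytes(40)
SAMPLE_NO_VBA = OLE2_MAGIC + bytes(504)
SAMPLE_TEXT = b"just some text, no signature"

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_VBA, SAMPLE_NO_VBA, SAMPLE_TEXT):
        for name, ctype, ole2, vba in classify_attachments(build_sample(sample)):
            print(f"{name} declared={ctype} ole2={ole2} vba_marker={vba}")
```

A filter that keys only on the extension or the declared MIME type sees the same thing for all three samples; only the content check tells them apart.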


