[Esd-l] Modifying the sanitizer to scan for INCLUDETEXT
fields
John D. Hardin
jhardin at impsec.org
Thu Sep 26 21:18:01 PDT 2002
On Thu, 26 Sep 2002, Brett Glass wrote:
> John:
>
> I've modified my own sanitizer to scan Word files for INCLUDETEXT
> fields in Word documents. Given Microsoft's non-response to this
> gaping hole, you might want to as well.
>
> --Brett Glass
This is the "steal-a-file" vulnerability?
Do you have a patch? Or is there a reference to the details of the
exploit that you could provide?
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
83 days until The Two Towers
More information about the esd-l
mailing list