>3. It changes All the 3rd Bytes of EditFlags Entries (All from MS Office >documents which contain Docking Objects) to 00. It doesn't allow you to see >what's happening, nor let you change an specific EditFlags... This is available from the AV community since January to address the Russian New Year exploit but would address this issue as well. Feed into REGEDIT or REGEDT32. For full description, see proceedings from InfoSec-Paris, June 1999. It's the third set of zeros that matter. ----------8<---cut here--->8------------- REGEDIT4 [HKEY_CLASSES_ROOT\Word.Addin.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Backup.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Document.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Template.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Word.Wizard.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Excel.Chart.8] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\Excel.Sheet.8] "EditFlags"=hex:00,00,00,00 ----------8<---cut here--->8------------- For Office 2000, replace ".8" with ".9". Add platforms and other extensions at your leisure. Jimmy Kuo
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:04 PDT