RE: More Office XP problems

• Previous message: Nick Lamb: "Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kevin Brown kevinat_private wrote:

> RTF is a benign file format and does not support scripting or embedded
> HTML tags.

It does macros, and may cause exploitable buffer overflows in viewers.
You must have the MS security patches

  RTF document linked to template can run macros without warning:
    http://www.microsoft.com/technet/security/bulletin/ms01-028.asp 

  Malformed RTF Control Word:
    http://www.microsoft.com/technet/security/bulletin/ms00-005.asp 

installed.

Cheers,

Paul Szabo - pszat_private  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

• Next message: 0x90: "regarding SSL issues"
• Previous message: Nick Lamb: "Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 08 2002 - 22:36:56 PDT