And wich "porra" could it means to my computer operation, my dear friend
Alejandro?
What could happen with my documents and with my secrets?
I remain waiting more informations.
Thank you a lot.
Carlos Tebecherane Haddad
----- Original Message -----
From: Alejandro Carriles <[EMAIL PROTECTED]>
To: <mailto:Undisclosed-Recipient:@sv.compuland.com.br>
Sent: Wednesday, September 20, 2000 1:13 PM
Subject: [VotoEletronico] En: [NT] Double clicking on Office documents may
execute arbitrary programs (DLL)
>
> -----Mensagem Original-----
> De: <[EMAIL PROTECTED]>
> Para: <[EMAIL PROTECTED]>
> Enviada em: segunda-feira, 18 de setembro de 2000 18:20
> Assunto: [NT] Double clicking on Office documents may execute arbitrary
> programs (DLL)
>
>
> > The following security advisory is sent to the securiteam mailing list,
> and can be found at the SecuriTeam web site: http://www.securiteam.com
> >
> >
> > Double clicking on Office documents may execute arbitrary
> programs (DLL)
>
> --------------------------------------------------------------------------
> ------
> >
> >
> > SUMMARY
> >
> > If certain DLLs are present in the current directory when a user double
> > clicks on a Microsoft Office Document or launches the document using
> > "Start | Run", those DLLs will be executed instead of the ones provided
> > with Microsoft Office. This would allow executing of native code and may
> > lead to taking full control over user's computer.
> >
> > DETAILS
> >
> > Vulnerable systems:
> > MS Office 2000
> > Windows 98
> > Windows 2000
> >
> > If either of the following files:
> > riched20.dll
> > or
> > msi.dll
> >
> > Are present in the current directory, double clicking on an Office
> > document in the current directory will cause them to be executes
(Loaded,
> > and their DllMain() function called) (Excel seems not to work with
> > riched20.dll but works with msi.dll).
> >
> > Proof of concept:
> > 1) Download dll1.cpp from <http://www.guninski.com/dll1.cpp>
> > http://www.guninski.com/dll1.cpp and build it.
> > 2) Rename dll1.dll to riched20.dll
> > 3) Place riched20.dll in a directory of your choice
> > 4) Close all Office applications
> > 5) From Windows Explorer double click on an Office document (preferably
MS
> > Word document) in the directory congaing riched20.dll
> >
> > Workaround:
> > Do not double click on Office documents or use "Start | Run office.doc".
> > Instead start the Office application from "Start Menu" and then use
"File
> > | Open"
> >
> >
> > ADDITIONAL INFORMATION
> >
> > The information has been provided by <mailto:[EMAIL PROTECTED]>
> > Georgi Guninski.
> >
> >
> >
> > ========================================
> >
> >
> > This bulletin is sent to members of the SecuriTeam mailing list.
> > To unsubscribe from the list, send mail with an empty subject line and
> body to: [EMAIL PROTECTED]
> > In order to subscribe to the mailing list, simply forward this email to:
> [EMAIL PROTECTED]
> >
> >
> > ====================
> > ====================
> >
> > DISCLAIMER:
> > The information in this bulletin is provided "AS IS" without warranty of
> any kind.
> > In no event shall we be liable for any damages whatsoever including
> direct, indirect, incidental, consequential, loss of business profits or
> special damages.
> >
> >
> >
> >
> >
> >
>
>
> __________________________________________________
> Pagina, Jornal e Forum do Voto Eletronico
> http://www.votoseguro.org
> __________________________________________________
>
__________________________________________________
Pagina, Jornal e Forum do Voto Eletronico
http://www.votoseguro.org
__________________________________________________
