Use o StarOffice Carlos.
Aristóteles
----- Original Message -----
From: Sigmatec <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 21, 2000 10:58 AM
Subject: [VotoEletronico] Re: En: [NT] Double clicking on Office documents
may execute arbitrary programs (DLL)
> And wich "porra" could it means to my computer operation, my dear friend
> Alejandro?
>
> What could happen with my documents and with my secrets?
>
> I remain waiting more informations.
>
> Thank you a lot.
>
> Carlos Tebecherane Haddad
>
>
> ----- Original Message -----
> From: Alejandro Carriles <[EMAIL PROTECTED]>
> To: <mailto:Undisclosed-Recipient:@sv.compuland.com.br>
> Sent: Wednesday, September 20, 2000 1:13 PM
> Subject: [VotoEletronico] En: [NT] Double clicking on Office documents may
> execute arbitrary programs (DLL)
>
>
> >
> > -----Mensagem Original-----
> > De: <[EMAIL PROTECTED]>
> > Para: <[EMAIL PROTECTED]>
> > Enviada em: segunda-feira, 18 de setembro de 2000 18:20
> > Assunto: [NT] Double clicking on Office documents may execute arbitrary
> > programs (DLL)
> >
> >
> > > The following security advisory is sent to the securiteam mailing
list,
> > and can be found at the SecuriTeam web site: http://www.securiteam.com
> > >
> > >
> > > Double clicking on Office documents may execute arbitrary
> > programs (DLL)
> >
>
> --------------------------------------------------------------------------
> > ------
> > >
> > >
> > > SUMMARY
> > >
> > > If certain DLLs are present in the current directory when a user
double
> > > clicks on a Microsoft Office Document or launches the document using
> > > "Start | Run", those DLLs will be executed instead of the ones
provided
> > > with Microsoft Office. This would allow executing of native code and
may
> > > lead to taking full control over user's computer.
> > >
> > > DETAILS
> > >
> > > Vulnerable systems:
> > > MS Office 2000
> > > Windows 98
> > > Windows 2000
> > >
> > > If either of the following files:
> > > riched20.dll
> > > or
> > > msi.dll
> > >
> > > Are present in the current directory, double clicking on an Office
> > > document in the current directory will cause them to be executes
> (Loaded,
> > > and their DllMain() function called) (Excel seems not to work with
> > > riched20.dll but works with msi.dll).
> > >
> > > Proof of concept:
> > > 1) Download dll1.cpp from <http://www.guninski.com/dll1.cpp>
> > > http://www.guninski.com/dll1.cpp and build it.
> > > 2) Rename dll1.dll to riched20.dll
> > > 3) Place riched20.dll in a directory of your choice
> > > 4) Close all Office applications
> > > 5) From Windows Explorer double click on an Office document
(preferably
> MS
> > > Word document) in the directory congaing riched20.dll
> > >
> > > Workaround:
> > > Do not double click on Office documents or use "Start | Run
office.doc".
> > > Instead start the Office application from "Start Menu" and then use
> "File
> > > | Open"
> > >
> > >
> > > ADDITIONAL INFORMATION
> > >
> > > The information has been provided by <mailto:[EMAIL PROTECTED]>
> > > Georgi Guninski.
> > >
> > >
> > >
> > > ========================================
> > >
> > >
> > > This bulletin is sent to members of the SecuriTeam mailing list.
> > > To unsubscribe from the list, send mail with an empty subject line and
> > body to: [EMAIL PROTECTED]
> > > In order to subscribe to the mailing list, simply forward this email
to:
> > [EMAIL PROTECTED]
> > >
> > >
> > > ====================
> > > ====================
> > >
> > > DISCLAIMER:
> > > The information in this bulletin is provided "AS IS" without warranty
of
> > any kind.
> > > In no event shall we be liable for any damages whatsoever including
> > direct, indirect, incidental, consequential, loss of business profits or
> > special damages.
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
> > __________________________________________________
> > Pagina, Jornal e Forum do Voto Eletronico
> > http://www.votoseguro.org
> > __________________________________________________
> >
>
>
> __________________________________________________
> Pagina, Jornal e Forum do Voto Eletronico
> http://www.votoseguro.org
> __________________________________________________
__________________________________________________
Pagina, Jornal e Forum do Voto Eletronico
http://www.votoseguro.org
__________________________________________________
