At 02:13 PM 8/23/96 -0700, Ashwin Kumar wrote:
>On Fri, 23 Aug 1996, Bill Stout wrote:
>:Anyone know what the 'serious security flaw' is in MS Explorer 3.0?
<snip>
>The core of the attack is a technique for delivering a document to the
>victim's browser while bypassing the security checks that would normally
>be applied to the document. If the document is, for example, a Microsoft
>Word template, it could contain a macro that executes any DOS
>command. The attacker could arrange things so the macro was executed
>automatically as a consequence of the victim visiting the attacker's
>page.
<snip>
What makes this an Explorer-specific problem?
If I'm not mistaken, _any_ browser will open a .doc or .xls document if the
helper application is defined. Word and Excel macro viruses are not news.
I thought it would've been an Active-X or e-mail scamming hole.
I don't think a firewall can be configured to filter Word/Excel macro viruses.
Bill Stout
_______________________________________________________________________________
Senior Systems Admin NT/UNIX/I-net/Routers/Mainframes/Janitor ;)
Hitachi Data Systems 408-970-4822 --- Disclaimer: I speak only for myself
___________"Infowar, Cyber-war, yes, 'they' _are_ out to get you..."___________
Follow-Ups:
|
|
