Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
From: Chip Andrews <chip () SQLSECURITY COM>
Date: Wed, 20 Sep 2000 09:40:53 -0400

Has anyone explored the possibility of making use of Windows 2000 Private
DLLs to solve this issue?  For example, the "side-by-side" approach could be
used to specify where DLLs for an application are stored to stop the search

Older applications can be retro-fitted for private DLLs but using the
myapp.exe.local file to tell W2K to load DLLs from the directory where the
executable exists and not the search path or current directory.


----- Original Message -----
From: "Timothy J. Miller" <cerebus () SACKHEADS ORG>
Sent: Monday, September 18, 2000 4:56 PM
Subject: Re: Double clicking on MS Office documents
I suggest that this problem, and subsequent problems of this nature,
can be fixed simply by *not* looking in the current directory for
required DLLs.

-- Cerebus

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]