Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
From: Chip Andrews <chip () SQLSECURITY COM>
Date: Wed, 20 Sep 2000 09:40:53 -0400

Has anyone explored the possibility of making use of Windows 2000 Private
DLLs to solve this issue?  For example, the "side-by-side" approach could be
used to specify where DLLs for an application are stored to stop the search
path.

Older applications can be retro-fitted for private DLLs but using the
myapp.exe.local file to tell W2K to load DLLs from the directory where the
executable exists and not the search path or current directory.

Chip

----- Original Message -----
From: "Timothy J. Miller" <cerebus () SACKHEADS ORG>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Monday, September 18, 2000 4:56 PM
Subject: Re: Double clicking on MS Office documents
I suggest that this problem, and subsequent problems of this nature,
can be fixed simply by *not* looking in the current directory for
required DLLs.

-- Cerebus



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault