procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

WARN: Proof-of-Concept code for the Office VBE BO is available

2003-09-08 12:31:26
from [John D. Hardin] [Permanent Link] 
All:

Proof-of-Concept code for attacking the Microsoft Office VBE Buffer
Overflow vulnerability is apparently publicly available. Expect some
sort of attacks to being soon.

I strongly suggest updating to the 1.139 Sanitizer if you are
currently doing macro scanning. It should catch attempts to exploit
this bug.

If anyone captures an actual attack document I would really like to
see a copy, particularly if the sanitizer did NOT detect it.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin(_at_)impsec(_dot_)org                        pgpk -a 
jhardin(_at_)impsec(_dot_)org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
                                  -- John C. Randolph <jcr(_at_)idiom(_dot_)com>
-----------------------------------------------------------------------
   13 days until Galileo is deorbited


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Time to bury the delicious dead horse ('Twas procmail: No permission to execute), David W. Tamkin
Next by Date:  Re: WARN: Proof-of-Concept code for the Office VBE BO is available, Daniel Liston
Previous by Thread:  Adding filters on userlevel, René Mølsted
Next by Thread:  Re: WARN: Proof-of-Concept code for the Office VBE BO is available, Daniel Liston
Indexes:  [Date] [Thread] [Top] [All Lists]