[Full-Disclosure] Fw: warning
From: Thor Larholm (firstname.lastname@example.org)
- Next message: Roman Drahtmueller: "[Full-Disclosure] SuSE Security Announcement: openssl (SuSE-SA:2002:027)"
- Previous message: Thor Larholm: "[Full-Disclosure] Fw: warning"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: email@example.com (Thor Larholm) Date: Tue, 30 Jul 2002 17:52:10 +0200
----- Original Message -----
From: "Thor Larholm" <firstname.lastname@example.org>
To: <email@example.com>; <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>;
Sent: Tuesday, July 30, 2002 5:22 PM
Subject: RE: warning
> If your vulnerability deals with the "Office Web Components" then no
> should be necessary at this point, since Microsoft already yanked the OWC
> downloads (both OWC 9 and 10) from their download pages back in April when
> GreyMagic Software uncovered several vulnerabilities in them.
> From their download page (
> http://office.microsoft.com/downloads/2002/owc10.aspx ):
> "Microsoft has temporarily removed the Office Web Components while we
> conduct an investigation of potential security vulnerabilities. At the
> completion of our investigation, the OWC will be reposted. Thank you for
> your patience."
> Appareantly, researching these vulnerabilities must be very hard on MS
> (despite their simplicity) since this has been so for a quarter of a year
> now. The vulns that triggered this action:
> And again, these are still unpatched together with the total of 21
> known unpatched vulnerabilities currently found in IE:
> Of course, if you have installed Office by itself then you probably
> have OWC installed. Luckily this can be uninstalled separately by going to
> ControlPanel - Add/Remove programs - Office - Change - Office Tools -
> Office Web Components.
> If a system administrator installed OWC from a network share, then OWC
> be silently re-installed when used again - in which case you are out of
> If your vulnerability did not deal with OWC, then apologize my intrusion
> let me guess on a Content-Type/Content-Disposition variant - though your
> suggested workaround would make no sense then :)
> Thor Larholm, Security Researcher
> PivX Solutions, LLC
> Are You Secure?
> -----Original Message-----
> From: Georgi Guninski [mailto:guninski@GUNINSKI.COM]
> Sent: 30. juli 2002 16:36
> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> Subject: warning
> Consider this a warning, full details to come soon.
> windows + ie 6.0 + office xp may get owned by visiting a web page.
> workaround/solution: disable "activex and plugins" until someone produce a
> After this warning, don't whine about responsibity issues - first check
> microsoft's responsiblity in "help -> about"
> Georgi Guninski