Re: Alert: Microsoft Security Bulletin - MS02-059
From: Jeremy Epstein (jepstein@WEBMETHODS.COM)Date: 10/17/02
- Previous message: doxical: "ZoneAlarm Pro 3.1 and 3.0 Denial of Service Vulnerability"
- In reply to: Russ: "Alert: Microsoft Security Bulletin - MS02-059"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 17 Oct 2002 09:33:03 -0400 From: Jeremy Epstein <jepstein@WEBMETHODS.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Microsoft really underplays the risk in one important area when they say
(under Mitigating Factors):
> - The user could always view the field codes or external updates.
> The field codes or external updates used in the attack can be
> revealed, as they are only hidden to prevent cluttering the
> document when it is being viewed or edited. A method of checking
> documents for additional undesired information is described in
> the Frequently Asked Questions below.
If you put the field code in 1 point hidden text in a footnote (or somewhere
else pretty obscure), it's highly unlikely anyone would ever see it. Very
few Word users understand fields or hidden text, so it's easy to put fields
in places they'll never be found.
--Jeremy
P.S. They also missed a bit of template editing in the alert, which says
just below the "Severity Rating": "The above assessment is based on the
types of systems affected by the vulnerability, their typical deployment
patterns, and the effect that exploiting the vulnerability would have on
them. [One or two sentences explaining the rationale for the rating. Don't
justify every point; just give high-level info that puts the issue in
context]"
- Previous message: doxical: "ZoneAlarm Pro 3.1 and 3.0 Denial of Service Vulnerability"
- In reply to: Russ: "Alert: Microsoft Security Bulletin - MS02-059"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
