[Esd-l] Modifying the sanitizer to scan for INCLUDETEXT fields
John D. Hardin
jhardin at impsec.org
Sun Oct 6 11:52:01 PDT 2002
On Wed, 2 Oct 2002, Brett Glass wrote:
> You may also want to scan for an INCLUDEPICTURE field. According
> to some recently published articles, it's potentially even more
> dangerous than INCLUDETEXT because it can contain an arbitrary URL
> that can be generated from VBA variables and/or function calls.
Okay, I generated a sample document to see what they look like and
added a check for them to the macro scanner.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
73 days until The Two Towers