[Esd-l]
WARN: Proof-of-Concept code for the Office VBE BO is available
John D. Hardin
jhardin at impsec.org
Mon Sep 8 12:25:22 PDT 2003
All:
Proof-of-Concept code for attacking the Microsoft Office VBE Buffer
Overflow vulnerability is apparently publicly available. Expect some
sort of attacks to being soon.
I strongly suggest updating to the 1.139 Sanitizer if you are
currently doing macro scanning. It should catch attempts to exploit
this bug.
If anyone captures an actual attack document I would really like to
see a copy, particularly if the sanitizer did NOT detect it.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
-- John C. Randolph <jcr at idiom.com>
-----------------------------------------------------------------------
13 days until Galileo is deorbited
More information about the esd-l
mailing list