Microsoft Security Bulletin MS02-059

Naviga SWZ: Home Page » News
News del 17 Ottobre 02 Autore: Rostor
- ---------------------------------------------------------------------- Title: Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008) Date: 16 October 2002 Software: Microsoft(r) Word and Microsoft(r) Excel Impact: Information Disclosure Max Risk: Moderate Bulletin: MS02-059 Microsoft encourages customers to review the Security Bulletin at: - ---------------------------------------------------------------------- Issue: ====== Word and Excel provide a mechanism through which data from one document can be inserted to and updated in another document. This mechanism, known as field codes in Word and external updates in Excel, can be automated to reduce the amount of manual effort required by a user. An example of the use of Word field codes could be the automatic insertion of a standard disclaimer paragraph in a legal document. An example of the use of external updates in Excel could be the automatic updating of a chart in one spreadsheet using data in a different spreadsheet. A vulnerability exists because it is possible to maliciously use field codes and external updates to steal information from a user without the user being aware. Certain events can trigger field code and external update to be updated, such as saving a document or by the user manually updating the links. Normally the user would be aware of these updates occurring, however a specially crafted field code or external update can be used to trigger an update without any indication to the user. This could enable an attacker to create a document that, when opened, would update itself to include the contents of a file from the user's local computer. In order for an attacker to take advantage of this vulnerability, the attacker would need to perform the following steps: -Craft a Word or Excel document that exploits the vulnerability -Deliver it to the user, via email or some other method -Entice the user to open the document -Return the document to the attacker. (Microsoft is aware of one case in which it would not be necessary for the user to do this. There is one method through which the attacker's document could post information directly to a web site, but it would only allow the first line of the file to be sent) Mitigating Factors: ==================== - - The attacker would need to know the location of the file that he or she wanted to steal. If the correct filename were not presented, the attack would fail and an invalid field error message would be present in the document. - - The user could always view the field codes or external updates. The field codes or external updates used in the attack can be revealed, as they are only hidden to prevent cluttering the document when it is being viewed or edited. A method of checking documents for additional undesired information is described in the Frequently Asked Questions below. - - Although the attacker could take some steps to obscure the stolen information, the attacker would leave a clear audit trail. Since the field codes or external updates can be viewed, even if an attack is successful, the attacker would leave clear evidence in the document in the form of the stolen information and the malicious field codes used. This evidence could be used by law enforcement agencies if required - - The vulnerability would not enable the attacker to delete, modify or add any files to the user's local system. - - In virtually all circumstances, the attacker would need to entice the user into returning the document. No information would be revealed unless the user returned the document to the attacker. Risk Rating: ============ - Internet systems: None - Intranet systems: None - Client systems: Moderate Patch Availability: =================== - A patch is available to fix this vulnerability. Please read the Security Bulletin at Patch for information on obtaining this patch.
Inserisci un commento sul forum Commenta la News sul Forum


Categoria: Sicurezza

La Community di

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum


Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter