let's crash office for macs with lamer HTML email

kelley at pulpculture.org kelley at pulpculture.org
Wed Apr 17 20:34:57 PDT 2002


One more reason why HTML is lame, lame, lame!

Security flaw in Microsoft Office for Mac By Robert Lemos Staff Writer, CNET News.com April 16, 2002, 5:15 PM PT http://news.com.com/2100-1001-884364.html

Microsoft acknowledged on Tuesday that its popular Office applications for=

the Macintosh have a critical security flaw that leaves users' systems=

open to attack by worms and online vandals. The software slip-up happens because the Microsoft applications incorrectly=

handle the input to a certain HTML (Hypertext Markup Language) feature. By=

formatting a link in a particular manner, an attacker can cause a program=

to crash a Macintosh or run arbitrary commands. The link could appear on a=

Web page or in an HTML-enabled e-mail.

Known as a buffer overflow, such a problem is relatively easy to take=

advantage of, said Matt Conover, a member of w00w00, one of two security=

groups that is credited with bringing the problem to Microsoft's=

attention.

<snippety snip>



More information about the lbo-talk mailing list