
MS03-035




Greetings all:

I am working on trying to learn more about this exploit for a networking class at school. Has anyone been able to develop a successful exploit for this vulnerability? As usual the Microsoft security bulletin was extremely vague in terms of actual technical details regarding this vulnerability but I can't really say that I blame them.

What I am most interested in is this: Jim Basset says that he noticed that all documents developed from an "unusual template," as he put it, were able to bypass macro security. Does this mean that the bypass only occurs if the template and malicious document were on the same system? To my meager intellect, it would appear as such.

If it helps, I had filemon open while I tried to apply the patch and noticed that the most obvious thing that was being written to was in fact winword.exe itself. I would then venture that this is where the problem lies; the darn thing is at least 8 MB in size.

Oh well, perhaps one of you folks knows some more about this.

mars