Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] Office Programs Can Browse Restricted Drives

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] Office Programs Can Browse Restricted Drives
Date: 24 Feb 2005 17:47:36 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Office Programs Can Browse Restricted Drives
------------------------------------------------------------------------


SUMMARY

Due to a bug in the Office suite, drivers that been marked as restricted 
are not shown as such under the file browsing mechanism.

DETAILS

Vulnerable Systems:
 * Microsoft Office Service Pack 2 and prior

Immune Systems:
 * Microsoft Office Service Pack 3 or newer

After you establish a group policy to restrict access to a drive by 
selecting the  Hide these specified drives  in  My Computer  and Prevent 
access to drives from  My Computer  options, you can use a Microsoft 
Office program to browse and read the contents of the drive.

The same condition occurs when you insert a flash-drive and a common 
dialog box is presented asking you what you'd like to do. If you select 
open drive you can then browse all of the hidden and restricted drives the 
same way that you can using MS office.

This problem occurs when your operating system is Microsoft Windows 2000. 
The problem occurs because of the way that policies are applied. When you 
restrict access to a drive by establishing a group policy, restrictions 
apply to users, but they do not apply to services and programs. Because 
the browse feature is performed through a program such as Microsoft Excel 
or Microsoft Word, the program is permitted to view the drive. As a 
result, when you define a group policy and select the Hide these specified 
drives in My Computer and Prevent access to drives from My Computer 
options on a specific drive, the drive is read-only with respect to 
Microsoft Office 2000 programs.

Vendor Response
This issue was reported to Microsoft on Feb 11, 2005.


ADDITIONAL INFORMATION

The information has been provided by  
<mailto:Sonny.Discini@montgomerycountymd.gov> Discini, Sonny.
The original article can be found at:  
<http://support.microsoft.com/?id=302753> Office Programs Can Browse 
Restricted Drives



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] Office Programs Can Browse Restricted Drives, SecuriTeam <=
Previous by Date:  [TOOL] CheckDNS - DNS Analyzing Tool, SecuriTeam
Next by Date:  [EXPL] Multiple Vulnerabilities in WebConnect Exploit, SecuriTeam
Previous by Thread:  [TOOL] CheckDNS - DNS Analyzing Tool, SecuriTeam
Next by Thread:  [EXPL] Multiple Vulnerabilities in WebConnect Exploit, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]