Article Comments for Ken Pfeil

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Wed, 03 Aug 2005 22:43:08 GMT

Anonymous User
Wed, 03 Aug 2005 22:43:08 GMT
for the previous posts, this is for unprotecting a word doc that has a password (to edit text), not for opening a password required doc (there are utilities available for that). you don’t need a hex editor, save as a html file open it up in a html editor like front page search for the tag replace the password with 8 zeros: 00000000 then open the html in word (it’s now unprotected)save as a doc

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Wed, 01 Jun 2005 12:15:05 GMT

Anonymous User
Wed, 01 Jun 2005 12:15:05 GMT
The tag in HTML is only there if you use Word 2003. The type of protection discussed here is found under Tools, Protect Document. It is not the document password. Also, you can get around this type of "protection" by inserting a protected file into a new blank document. The protection is automatically removed!

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Thu, 07 Apr 2005 20:54:19 GMT

Anonymous User
Thu, 07 Apr 2005 20:54:19 GMT
these comments are the worst i’ve ever read.

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Thu, 31 Mar 2005 00:29:50 GMT

Anonymous User
Thu, 31 Mar 2005 00:29:50 GMT
can somebody tell me how to crack the password to view the .doc or .xls files. If yes then please mail me at amitdudeja@intertollindia.com URGENTLY.

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Thu, 31 Mar 2005 00:27:23 GMT

Anonymous User
Thu, 31 Mar 2005 00:27:23 GMT
All these steps are useless unless you have the password to view the contents even. If someone can crack the password to view the file then there is no problem modifying it by copying the same text in new .doc file. amitdudeja@intertollindia.com

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Wed, 23 Feb 2005 15:53:48 GMT

Anonymous User
Wed, 23 Feb 2005 15:53:48 GMT
nope its not working i could’nt find the password line

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Sun, 06 Feb 2005 18:37:17 GMT

Anonymous User
Sun, 06 Feb 2005 18:37:17 GMT
This is for a READ ONLY password. I have been able to find this line but it doesnt appear to work in Word 97 so not much use to me.

Protection Bypass Vulnerability in Microsoft Word

Anonymous User — Tue, 01 Feb 2005 13:31:54 GMT

Anonymous User
Tue, 01 Feb 2005 13:31:54 GMT
Ref my previous comment.. I created a PROTECTED do***ent, opened it and saved it as HTML, opened it in Notepad.... found NO TAG LINE as described in line 4 of procedure.-i did the same, smth is changed,Help!

Multiple Vulnerabilities in Microsoft Windows

Anonymous User — Mon, 27 Dec 2004 13:09:31 GMT

Anonymous User
Mon, 27 Dec 2004 13:09:31 GMT
Fix announced on 14th, article on 18th, distributed on 23rd. Don’t you think this is too time-sensitive to hold for 9 days?

Arbitrary Code Execution in Microsoft WINS

Anonymous User — Thu, 02 Dec 2004 07:22:23 GMT

Anonymous User
Thu, 02 Dec 2004 07:22:23 GMT
http://support.microsoft.com/search/default.aspx?catalog=LCID%3D1033&query=890710&x=0&y=0 -kewakl

Arbitrary Code Execution in Microsoft WINS

Anonymous User — Thu, 02 Dec 2004 07:19:36 GMT

Anonymous User
Thu, 02 Dec 2004 07:19:36 GMT
Oops- should have been http://support.microsoft.com/default.aspx?scid=kb;en-us;890710 prev link points to the search page. -kewakl

Arbitrary Code Execution in Microsoft WINS

Anonymous User — Thu, 02 Dec 2004 06:20:14 GMT

Anonymous User
Thu, 02 Dec 2004 06:20:14 GMT
The URL given doesn’t work, and MSKB searches on the title given also don’t turn anything up. (and it would be nice if it was actually a link)

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Thu, 25 Nov 2004 08:12:12 GMT

Anonymous User
Thu, 25 Nov 2004 08:12:12 GMT
Is this like the Readers wives section>

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Thu, 25 Nov 2004 00:57:11 GMT

Anonymous User
Thu, 25 Nov 2004 00:57:11 GMT
Hm, 2 questions regarding the issues..: Before: no Sp2 After: there’s Sp2 I just wonder if does it matter if there’s sp2 or not. I mean before you neither got the message about file downloads (btw, it’s a really annoying feature). Other question/update is: there was an error in Netscape (many y ago) and in opera (probably 1/2 y ago) where you were able to force the download location. I don’t know if you want to write about it but it isn’t a security issue - for me(!) - if you are just to change the extension. Expl’: create a html document with .exe extension, save it by save as (is that a problem? not really - as i said: at me).

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Wed, 24 Nov 2004 09:43:56 GMT

Anonymous User
Wed, 24 Nov 2004 09:43:56 GMT
Mister ’screw IE’, Your razor sharp intellectual comments have completely changed my opinion on this matter. You are truly a poet.

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Wed, 24 Nov 2004 09:39:25 GMT

Anonymous User
Wed, 24 Nov 2004 09:39:25 GMT
"Screw IE"?? "Firefox rules??" Please restrict your posts to the under-12 "script-kiddy" area....

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Wed, 24 Nov 2004 08:44:56 GMT

Anonymous User
Wed, 24 Nov 2004 08:44:56 GMT
Screw IE. Firefox rules. IE is only useful for non-critical Windows updates, apart from that, it’s obsolete!

Multiple Vulnerabilities in Microsoft Internet Explorer 6

toadkicker — Wed, 24 Nov 2004 08:37:13 GMT

toadkicker
Wed, 24 Nov 2004 08:37:13 GMT
I think the inteligent thing to say here is to limit your use of IE, especially when navigating to sites you normally don’t visit, until Microsoft can fix this problem. I’m positive there are things wrong with Firefox, but one thing is certain; it doesn’t have this problem.

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Wed, 24 Nov 2004 05:12:57 GMT

Anonymous User
Wed, 24 Nov 2004 05:12:57 GMT
Firefox just came out as v1. Of course there’s still no patches needed. versions pre v1 have been patched, and there’s been security alerts regarding FF as well. Please do your homework before posting the next time.

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Tue, 23 Nov 2004 20:45:27 GMT

Anonymous User
Tue, 23 Nov 2004 20:45:27 GMT
While it’s no secret that IE is suffering from new vulnerabilities every other day, one of the key reasons is due to the market share of over 90% that it commands. The real test of firefox or any other browser will be the day once it reaches atleast 20% market share. That’s the time when researchers have fun in exploiting the vulnerabilities..

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Tue, 23 Nov 2004 20:35:49 GMT

Anonymous User
Tue, 23 Nov 2004 20:35:49 GMT
Anybody can claim that any browser is having a security problem. There are no evidences that such security holes exist in IE 6.0, please stop marking the FireFox.

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Tue, 23 Nov 2004 10:28:01 GMT

Anonymous User
Tue, 23 Nov 2004 10:28:01 GMT
Yeah... FireFox is great as long as you don’t need ActiveX controls.

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Tue, 23 Nov 2004 10:12:18 GMT

Anonymous User
Tue, 23 Nov 2004 10:12:18 GMT
Firefox has been patched. You fool.

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Tue, 23 Nov 2004 10:00:06 GMT

Anonymous User
Tue, 23 Nov 2004 10:00:06 GMT
Jeez - can people please stop bleating on about Firefox. It’s the first thing you see against every IE flaw. It’s amazing how they managed to write such a perfect browser, first time round. Perhaps they should be working on the WorldPeace.exe or NoMoreHunger.exe

Multiple Vulnerabilities in Cactusoft’s CactuShop 5.x

Anonymous User — Tue, 23 Nov 2004 07:35:08 GMT

Anonymous User
Tue, 23 Nov 2004 07:35:08 GMT
The issues were fixed: http://www.s-quadra.com/advisories/Adv-20040331.txt

Multiple Vulnerabilities in Microsoft Internet Explorer 6

Anonymous User — Mon, 22 Nov 2004 04:55:35 GMT

Anonymous User
Mon, 22 Nov 2004 04:55:35 GMT
That’s a fantastic observation. firefox rocks. Good for you.

Multiple Vulnerabilities in RealPlayer and RealOne player

Anonymous User — Sun, 21 Nov 2004 05:26:42 GMT

Anonymous User
Sun, 21 Nov 2004 05:26:42 GMT
http://www.armux.com

Denial of Service in Oracle 8i and 9i for Windows

Anonymous User — Sun, 07 Nov 2004 06:16:53 GMT

Anonymous User
Sun, 07 Nov 2004 06:16:53 GMT
asdf

Arbitrary Code Execution in PuTTY for Windows

PAUL THURR0TT — Wed, 03 Nov 2004 01:18:39 GMT

PAUL THURR0TT
Wed, 03 Nov 2004 01:18:39 GMT
Great article. Better than mine!

Arbitrary Remote Code Execution Vulnerability in WildTangent Web Driver 4.0

Anonymous User — Thu, 14 Oct 2004 08:07:22 GMT

Anonymous User
Thu, 14 Oct 2004 08:07:22 GMT
no comment, thank you very useful

Local Privilege Escalation Vulnerability in ServU FTP server

CHRIS — Thu, 19 Aug 2004 14:01:25 GMT

CHRIS
Thu, 19 Aug 2004 14:01:25 GMT
I have the Serv-U 5.1 Personal Edition installed on a Windows 2000 box, and it does not allow remote administration. SITE MAINTENANCE Serv-U responds with: 553 Server Edition does not support remote administration. Perhaps this attack is only good for Serv-U installed on Windows XP? - Chris

Multiple Vulnerabilities in winShadow for Windows

OmniCom Support — Tue, 22 Jun 2004 22:22:02 GMT

OmniCom Support
Tue, 22 Jun 2004 22:22:02 GMT
These issues were resolved on the 17th of October 2003.

Arbitrary Remote Code Execution Vulnerability in WildTangent Web Driver 4.0

aaron — Fri, 11 Jun 2004 09:38:03 GMT

aaron
Fri, 11 Jun 2004 09:38:03 GMT
We thank you so very much for letting us know about this problem. But you always seem to not go the distance and tell us the whole story; by not telling us that this is SPYWARE you are doing an extreme disservice to your customers. I believe more people would want to completely remove this software and update it. http://www.spyany.com/program/article_spw_rm_WildTangent.html

Denial of Service in MDaemon Email for Windows NT/2000

sibghat — Wed, 02 Jun 2004 00:45:12 GMT

sibghat
Wed, 02 Jun 2004 00:45:12 GMT
I am really Empresed by this product.

ImageMap URL Spoof Vulnerability in Microsoft Internet Explorer

Dave — Fri, 28 May 2004 09:37:30 GMT

Dave
Fri, 28 May 2004 09:37:30 GMT
this same spoof can be configured to do the yellow lock in the bottom right hand corner of the page.to spoof secure site.saw it in a repply post in slashdot many months ago. this is not a new problem. just newly reported!

ImageMap URL Spoof Vulnerability in Microsoft Internet Explorer

Nick Burrlock — Fri, 28 May 2004 09:15:52 GMT

Nick Burrlock
Fri, 28 May 2004 09:15:52 GMT
This doesnt appear to be anything new? The same effect can be achieved using javascript to manipulate the status bar as follows: Demo Page

Test Page

http://www.microsoft.com

ImageMap URL Spoof Vulnerability in Microsoft Internet Explorer

Juan Hernandez — Fri, 28 May 2004 09:11:04 GMT

Juan Hernandez
Fri, 28 May 2004 09:11:04 GMT
Its good that I use Mozilla or Opera web browsers I tested them and they dont suffer from this vulnerality. Now, how says that Open Source is not safer than the people at Redmont.....

ImageMap URL Spoof Vulnerability in Microsoft Internet Explorer

alex — Fri, 28 May 2004 09:04:58 GMT

alex
Fri, 28 May 2004 09:04:58 GMT
I do not thing it’s a vulnerability, it’s more like spoofing technique. Looks like inside of . One can do similar things with OnMouseOver/Out script -> If you have access to the web server copy/paste code below, also if you click on URL and hold mouse button down (in both cases), IE would display actual URL <<<<<<<<<<<<<<<<< www.ms.com >>>>>>>>>>>>>>>>>>>>>>>> Thank you. Alex

ImageMap URL Spoof Vulnerability in Microsoft Internet Explorer

Ian Haynes — Fri, 28 May 2004 09:04:47 GMT

Ian Haynes
Fri, 28 May 2004 09:04:47 GMT
This can also be done less benignly by using an image link in the same way and JavaScript to change the status bar text to show the false link.

ImageMap URL Spoof Vulnerability in Microsoft Internet Explorer

Elrod — Fri, 28 May 2004 09:01:30 GMT

Elrod
Fri, 28 May 2004 09:01:30 GMT
Kind of a kludgey workaround, but try this on the proof of concept page: If you set focus to the link itself (not the image) by either hitting the tab key or right-clicking it, rather than left-clicking on the link, the real URL appears in the status bar. But who’s going to know to do this in advance?

ImageMap URL Spoof Vulnerability in Microsoft Internet Explorer

Joe A. — Fri, 28 May 2004 08:48:17 GMT

Joe A.
Fri, 28 May 2004 08:48:17 GMT
Why would anyone call this a vulnerability? You can do the same thing with a window.status call in JavaScript. He’s showing a URL-like image and linking this to another site. Big deal(!)

Denial of Service in Microsoft Internet Explorer 6.0 SP1

Richard S — Thu, 27 May 2004 08:07:37 GMT

Richard S
Thu, 27 May 2004 08:07:37 GMT
Am suffering from the effects of this or something very similar HTML corruptionbut not able to correct it....please can anybody suggest a cure.

Denial of Service in Microsoft Internet Explorer 6.0 SP1

J Palmer — Wed, 26 May 2004 06:08:20 GMT

J Palmer
Wed, 26 May 2004 06:08:20 GMT
Where’s the DoS? All this VULNERABILITY proves is that bad HTML can crash IE which is no major surprise. You’re promoting the equivalent of Chicken Little’s "the sky is falling" to read "the universe is imploding!". Why assume that any crash like this can cause a DoS? Stop mixing your careers in journalism with those college semesters of advertising.

Denial of Service in Microsoft Internet Explorer 6.0 SP1

Mark McGinty — Tue, 25 May 2004 20:22:23 GMT

Mark McGinty
Tue, 25 May 2004 20:22:23 GMT
So we have a script language interpreter/environment in which it’s possible to write code that crashes the environment? We have a name for that, but it’s not "vulnerability"... it’s called "life", get a grip. Meta tags aren’t valid in the body, only in the head. The browser imputes the html and body elements in an empty document but it’s under no onus to impute a head element. So it choked on bad code? If someone codes a page this way, it’s Microsoft’s fault that the client’s browser crashes? At absolute worst this represents a missed opportunity for judicious null-checking. This does not belong in a security bulliten. Could it be that someone has way too much time on his hands? -Mark

Multiple Vulnerabilities in Cactusoft’s CactuShop 5.x

Paul — Tue, 11 May 2004 10:51:26 GMT

Paul
Tue, 11 May 2004 10:51:26 GMT
these issues were fixed within a few days of S-Quadra announcing them 16 Mar 2004: S-Quadra alerted CactuSoft about new PoC Code. 26 Mar 2004: S-Quadra alerted CactuSoft about new PoC Code. 04 Apr 2004: CactuSoft fixed SQL Injection vulnerability. 06 Apr 2004: CactuSoft fixed XSS vulnerability.

Multiple Vulnerabilities in Microsoft Windows RPC/DCOM

Marcelo Pronto — Wed, 05 May 2004 23:55:24 GMT

Marcelo Pronto
Wed, 05 May 2004 23:55:24 GMT
Hi guys , listen please could you be abit quicker, Irun a sus server which had this patch on the 9th of April as with the last two "Alerts" you sent. Although I do appreciate you articles and the fact that your correspondence via email doesnt cost me anything, it is starting to cost me time that i really do not have by making me go back to verify that i have in fact applied a patch to correct the "latest" vulnerability.

Multiple Vulnerabilities in RealPlayer and RealOne player

Lorne Bergson — Wed, 05 May 2004 15:33:25 GMT

Lorne Bergson
Wed, 05 May 2004 15:33:25 GMT
I have heard this already on realone.com site. I have e-mailed their technicians but I can’t download updates from realnetworks.com. I’ve adjusted all the settings and the network transports and the udp ports. So I’m supposed to think it’s my spyware blaster? All of the above to say I’ve surfed in looking to help with network transport issues with RealOne player

Multiple Vulnerabilities in Microsoft Windows

e.b.penner — Tue, 27 Apr 2004 20:03:15 GMT

e.b.penner
Tue, 27 Apr 2004 20:03:15 GMT
I thought the article was informative and practicle.

Exchange 2000 and IIS 5.0 Denial of Service

sandeep — Fri, 16 Apr 2004 04:01:59 GMT

sandeep
Fri, 16 Apr 2004 04:01:59 GMT
very fine

Buffer-overrun Vulnerability in WS_FTP Pro

Mike Schiele — Fri, 02 Apr 2004 02:12:38 GMT

Mike Schiele
Fri, 02 Apr 2004 02:12:38 GMT
http://www.ipswitch.com/products/ws_ftp/whatsnew.html is where to go for the latest version single user cost: USD$44.95 What they call version 8.0? Upgrade to v8.0 with Service Agreement (provides all product upgrades & unlimited phone and email technical support for 12 months) USD$24.95 Upgrade (one-time upgrade to v8.0) USD$19.95 But, we don’t use this, the Trellix Corporation’s Web Photo Manager works fine and is easy to use!

Buffer-overrun Vulnerability in WS_FTP Pro

Michael Dowless — Wed, 24 Mar 2004 16:08:30 GMT

Michael Dowless
Wed, 24 Mar 2004 16:08:30 GMT
How about the makers of WSFTP Pro consider FIXING the problem in previous versions with a free patch? Hmmmm? Don’t make me upgrade just to fix a weakness in the product! C’mon people. Give me a break.

Buffer-overrun Vulnerability in WS_FTP Pro

Maire — Wed, 24 Mar 2004 10:38:08 GMT

Maire
Wed, 24 Mar 2004 10:38:08 GMT
Is there any fix?

Buffer Overrun In Microsoft Windows HTML Converter

hazel crews — Mon, 08 Mar 2004 18:01:26 GMT

hazel crews
Mon, 08 Mar 2004 18:01:26 GMT
I bought a new computer, thinking I wouls still be compatable with windows 2000,I could bring my work home and work.But, I can’t because this window 98 does not have office in it. I think after paying as much as I did for this computer, it would at least have a compatable converter or a conversion that I couls use.

Multiple Vulnerabilities in RealPlayer and RealOne player

Terry Ellis — Tue, 24 Feb 2004 20:37:14 GMT

Terry Ellis
Tue, 24 Feb 2004 20:37:14 GMT
Good description of the potential threat.

Multiple Vulnerabilities in RealPlayer and RealOne player

N. D'ERI — Mon, 23 Feb 2004 22:09:29 GMT

N. D'ERI
Mon, 23 Feb 2004 22:09:29 GMT
I use it regularly prefer it over windows media player

Arbitrary Remote Execution of Code in Microsoft Windows

Jorge Atoji — Thu, 12 Feb 2004 04:22:48 GMT

Jorge Atoji
Thu, 12 Feb 2004 04:22:48 GMT
It´s good article.

Multiple Vulnerabilities in Microsoft Internet Explorer

Robert Gay — Tue, 10 Feb 2004 09:55:49 GMT

Robert Gay
Tue, 10 Feb 2004 09:55:49 GMT
Your reference to the Microsoft bulletin MS04-003 is incorrect and should be MS04-004. The referenced bulletin is a security bulletin that has to do with MDAC.

Multiple Vulnerabilities in Microsoft Internet Explorer

hans hamakers — Tue, 10 Feb 2004 01:17:07 GMT

hans hamakers
Tue, 10 Feb 2004 01:17:07 GMT
it is MS04-004, not MS04-003

Remote Code Execution Vulnerability in Microsoft ISA Server 2000

Akintade Olusegun — Wed, 21 Jan 2004 00:10:15 GMT

Akintade Olusegun
Wed, 21 Jan 2004 00:10:15 GMT
The article is timely and sensitive. It will go along way in solving security issues both on the engine that power the security and the vehicle that the engine powers to bring about a secure environment.

Protection Bypass Vulnerability in Microsoft Word

KJ — Fri, 09 Jan 2004 08:53:43 GMT

KJ
Fri, 09 Jan 2004 08:53:43 GMT
Ref my previous comment.. I created a PROTECTED document, opened it and saved it as HTML, opened it in Notepad.... found NO TAG LINE as described in line 4 of procedure.

Protection Bypass Vulnerability in Microsoft Word

KJ — Fri, 09 Jan 2004 08:32:18 GMT

KJ
Fri, 09 Jan 2004 08:32:18 GMT
How do you OPEN A PROTECTED DOCUMENT IN WORD without already knowing the password you are going to defeat? Or, how do you get past the modal dialog box to open a protecrted document without the password?

Protection Bypass Vulnerability in Microsoft Word

Maida — Thu, 08 Jan 2004 13:46:08 GMT

Maida
Thu, 08 Jan 2004 13:46:08 GMT
Your steps start with open a secured document. But how this malicious user open the document on the first place.

Protection Bypass Vulnerability in Microsoft Word

Robert Richard — Thu, 08 Jan 2004 07:42:09 GMT

Robert Richard
Thu, 08 Jan 2004 07:42:09 GMT
I’ve seen a couple articles about this now, and none have stated the obvious fact that Word password protection was never intended as a full-blown security measure. If you want a truly protected document, use a digital signature or encryption. Why do you think that such industry-standard protection schemes exist? On top of that, if you are worried about legal chain-of-custody in a compromised document, it is easily proven that the document cracked in this manner is not original. Word stores all revision information about the document in the document’s "metadata"; data that is not visible within the application itself. When saving the document to HTML and then back into .DOC format, all of this information is destroyed because the .HTM file is a new file rather than a modified version of the original, which has its own metadata attributes. A simple comparison of the metadata between the original and the cracked version will quickly show that the latter is a fake. This really is not a vulnerability. It is simply a wake-up call for those people using a feature for what it was never intended for, rather than be bothered to protect their documents properly using one of many industry accepted practices.

Protection Bypass Vulnerability in Microsoft Word

brian — Thu, 08 Jan 2004 07:12:10 GMT

brian
Thu, 08 Jan 2004 07:12:10 GMT
If you can gather the password why bother going through the trouble with the hex editor to remove it. Just use it...

Protection Bypass Vulnerability in Microsoft Word

Jim Krakowski — Thu, 08 Jan 2004 06:50:48 GMT

Jim Krakowski
Thu, 08 Jan 2004 06:50:48 GMT
I tried this using Word 2002 with SP-2 installed and I received a message stating that the Save As Web Page (*.htm; *.html) will unsecure the document - did I wish to continue? Are you sure these instructions are correct?

Protection Bypass Vulnerability in Microsoft Word

Michel BRUYÈRE — Thu, 08 Jan 2004 06:13:57 GMT

Michel BRUYÈRE
Thu, 08 Jan 2004 06:13:57 GMT
May be my understanding of English isn’ t enough? But, I don’t notice something stranger! You can open a protected document IF you know it of course, isn’ it? Or may be someone open it for you and let you work on it. With the trick explained by Thorsten Delbrouck you can know the password. That the only problem, I see. If I misunderstand IT; please, explain me.

Protection Bypass Vulnerability in Microsoft Word

K. Ramaswamy — Wed, 07 Jan 2004 21:57:48 GMT

K. Ramaswamy
Wed, 07 Jan 2004 21:57:48 GMT
In fact I have found that you need not go to this trouble. You can save the document in save as a rtf file. Then open the same in word & unprotect the document. It does not ask for a password, if it is done in this sequence.

Protection Bypass Vulnerability in Microsoft Word

manaf — Wed, 07 Jan 2004 21:53:34 GMT

manaf
Wed, 07 Jan 2004 21:53:34 GMT
what do you mean by protected...?? is it password or what.. thanx

Protection Bypass Vulnerability in Microsoft Word

Lisa Burke — Wed, 07 Jan 2004 17:52:18 GMT

Lisa Burke
Wed, 07 Jan 2004 17:52:18 GMT
Try just opening the document with Wordpad to bypass security. The "Thorsten Delbrouck" is way to complicated.

Protection Bypass Vulnerability in Microsoft Word

Phil Hogan — Wed, 07 Jan 2004 15:42:58 GMT

Phil Hogan
Wed, 07 Jan 2004 15:42:58 GMT
Aww cmon - give poor ole MS a break. You’ve just discovered the MS password recovery feature (LOL!).

Protection Bypass Vulnerability in Microsoft Word

Jodi — Tue, 06 Jan 2004 19:50:53 GMT

Jodi
Tue, 06 Jan 2004 19:50:53 GMT
I had problems with word not to long ago. I tried to go check on a document I thought I had saved but when I went to go look for It word told me It did not exist but I had just saved It not more then two weeks before this so I know It was there. I contacted Microsoft but they told me since I did not have a credit card their was nothing they could do so I ended up calling the manufacturer of my system and through them I was finally able to get It working again.

Protection Bypass Vulnerability in Microsoft Word

Larry A. Duncan — Tue, 06 Jan 2004 15:51:16 GMT

Larry A. Duncan
Tue, 06 Jan 2004 15:51:16 GMT
I’ve tested this process with an MS-provided document that has write protection enabled, yet the "" tag does exist in the HTML document that I saved. The document I’m speaking of is the SMS 2003 Reviews Guide available from http://www.microsoft.com/smserver.

Mulitple Vulnerabilities in Cisco PIX Firewall

raul lopez — Wed, 17 Dec 2003 22:28:19 GMT

raul lopez
Wed, 17 Dec 2003 22:28:19 GMT
you don’t explain if the crash of snmpv3, must be done from the configured ip_addr in pix configuration or can be from any IP. regards

Arbitrary Code Execution Vulnerability in Yahoo! Instant Messenger

Richard Kruse — Sat, 06 Dec 2003 04:28:32 GMT

Richard Kruse
Sat, 06 Dec 2003 04:28:32 GMT
There must also be a vulnerability in yahoo, I have a Yahoo account and quit using it because all I had been and still sometimes is SMUT, PORN, whatever you want to call it and when I go to block it is always someone from Yahoo,com. So as a result I had to block ANY @yahoo.com mail, thus losing some important mail as well. Richard kruse

Arbitrary Code Execution Vulnerability in Yahoo! Instant Messenger

John Sharp — Fri, 05 Dec 2003 12:28:33 GMT

John Sharp
Fri, 05 Dec 2003 12:28:33 GMT
It would be interesting to know when the vendor was notified so that we can see how long the response takes. Regards, John Sharp

Denial of Service in SpeakFreely for Windows

Mike Aguilar — Tue, 11 Nov 2003 01:45:16 GMT

Mike Aguilar
Tue, 11 Nov 2003 01:45:16 GMT
Any way that we might possibily get some more information about this vulnerability? The description is somewhat vague.

Data Compromise Vulnerability in PGPDisk for Windows

Fred Langston — Thu, 30 Oct 2003 11:06:00 GMT

Fred Langston
Thu, 30 Oct 2003 11:06:00 GMT
Isn’t the switch user fucntionality only available in standalone systems? Or is that controlled in an AD environment through group policy? And isn’t this a Microsoft problem, not a PGP problem?

Buffer Overrun in Microsoft Windows ListBox and ComboBox Controls

Jeffrey Ross — Wed, 22 Oct 2003 17:18:28 GMT

Jeffrey Ross
Wed, 22 Oct 2003 17:18:28 GMT
According to Microsoft Windows ME is not affected by the Q824141 fault, contrary to what your article 40585 claims.

Buffer Overrun in Microsoft Windows ListBox and ComboBox Controls

Marlo Cleckley Sr — Wed, 22 Oct 2003 12:49:44 GMT

Marlo Cleckley Sr
Wed, 22 Oct 2003 12:49:44 GMT
This patched caused some issues with roaming profiles has MS addresed it?

Man-in-the-Middle Attack on Microsoft Terminal Services

JK — Fri, 17 Oct 2003 15:12:16 GMT

JK
Fri, 17 Oct 2003 15:12:16 GMT
How realistic is an attack like this? What effort is involved in gaining a high enough level of access to make it worth while? Can it be automated to record all comms, thus allowing the attacker to pick and choose which credentials to use (obviously being Admin)?... And couldn’t sniffing like this be detected fairly easily?

Multiple Vulnerabilities in winShadow for Windows

Tue, 07 Oct 2003 16:23:14 GMT

Tue, 07 Oct 2003 16:23:14 GMT
I was just wondering how you know this is legit?

System Compromise Vulnerability in Microsoft MDAC

Shabbir Talib — Fri, 22 Aug 2003 12:33:35 GMT

Shabbir Talib
Fri, 22 Aug 2003 12:33:35 GMT
How does one deploy this update within an enterprise in an unattended mode?

Buffer Overrun In RPC Interface Could Allow Code Execution

Paul Petersen — Fri, 18 Jul 2003 11:41:37 GMT

Paul Petersen
Fri, 18 Jul 2003 11:41:37 GMT
Does anyone have any insights about the probability of this also being a problem on W9x, ME, - essentially all those home users who don’t have any idea that there is a thing called an open port on their computer? Why can’t the exploit work on those devices...I’m not real familiar with DCOM and where/when it’s used, but apparently that figures prominently in the exploit, do those OS’s not support DCOM

Buffer Overflow in Windows XP SP1's rundll32.exe

Joe Iuen — Wed, 09 Jul 2003 15:15:26 GMT

Joe Iuen
Wed, 09 Jul 2003 15:15:26 GMT
Can you provide more information about this issue? What rights did the user have when the this occurred and what rights did the user have afterwards? Thanks!

Unchecked Buffer in Windows 2000 WebDAV

Matthew Baum — Wed, 19 Mar 2003 07:51:52 GMT

Matthew Baum
Wed, 19 Mar 2003 07:51:52 GMT
CREDIT TO MICROSOFT! PLEASE>>>>WE FOUND THAT!!! OUR ENGINEERS AT MY AGENCY FOUND THIS! DON"T GIVE MICROSOFT AND OUNCE OF CREDIT! WE HAD TO BEAT THEM INTO RELEASING THIS!!!

Unchecked Buffer in Windows 2000 WebDAV

NY Post Reader — Tue, 18 Mar 2003 19:05:24 GMT

NY Post Reader
Tue, 18 Mar 2003 19:05:24 GMT
Micosoft did not discover this vulernability, a undisclosed company discovered it when they called Microsoft to say that something was wrong with their web servers, well at least this is what today’s New York Post reports....

Multiple Vulnerabilities in Microsoft IIS

Jojy George — Tue, 28 Jan 2003 00:02:19 GMT

Jojy George
Tue, 28 Jan 2003 00:02:19 GMT
I am having a problem when i am opening IIS 5.0 in windows 2000 server.When i am opening IIS service maanger it is showing that "a non-fatal configuration error occured.Not all available information may be dispalyed".Also i cann’t add new sites to the server due to this.i cann’t edit the current sites properties.can you help in this situation.

Buffer Overrun Vulnerability in CuteFTP for Windows

Richard Otter — Tue, 21 Jan 2003 17:10:08 GMT

Richard Otter
Tue, 21 Jan 2003 17:10:08 GMT
What? Can this be explained in more detail.

Privilege Escalation Vulnerability in Microsoft's WM_TIMER Message Handling

Bill Gates — Thu, 19 Dec 2002 13:48:19 GMT

Bill Gates
Thu, 19 Dec 2002 13:48:19 GMT
Do not believe that. This vulnerability was discovered in september not by Microsoft. So many servers have been knocked out before december 16

Vulnerability In Microsoft's Server Message Block for Windows XP and Windows 2000

Vu, Ngoc Chi — Thu, 19 Dec 2002 06:05:31 GMT

Vu, Ngoc Chi
Thu, 19 Dec 2002 06:05:31 GMT
It sounds very good. But the problem with deployment SP1 for XP in our firm is, that afterwards there are certain problems while working with Office files as in the Technet article Q331519 Network File Errors Occur After You Install Windows XP SP1 stated. Microsoft suggests us to disable SMS signing feature with we have’nt enabled at all. So it means there is no solution for it till now.

Multiple Vulnerabilities in Sybase Adaptive Server 12.0 and 12.5

Mike Brewer — Wed, 04 Dec 2002 14:34:25 GMT

Mike Brewer
Wed, 04 Dec 2002 14:34:25 GMT
What risk do these pose? What rights would the hacker need in order to exploit either vulnerability?

Multiple Vulnerabilities Exist in Kerio MailServer 5.0 for Windows XP/2000/NT

Trude Janssen — Wed, 06 Nov 2002 10:12:31 GMT

Trude Janssen
Wed, 06 Nov 2002 10:12:31 GMT

This information is not up-to-date. These vulnerabilities regarding our Kerio MailServer have been fixed as of October 22, when we released the Kerio MailServer 5.1.7.
For more information you can contact Kerio Technologies’ Technical Support Department (support@kerio.com).

Multiple Vulnerabilities in Microsoft Windows Media Player

Alan Crowe — Thu, 04 Jul 2002 04:27:31 GMT

Alan Crowe
Thu, 04 Jul 2002 04:27:31 GMT

I note that you include no comment regarding the change of EULA in this "security" patch. It includes the following statement:
"Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management ("Secure Content"), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update."
Microsoft appears to be trying to sneak DRM in the back door, by masking the updates as part of security patches... A security patch should fix a vulnerability in software I am running, not introduce a measure which prevents me from doing what I want with MY hardware.
Attempting to play, or playing, "secured content" on a PC is not a security breach of that system. Why should a patch to prevent such activity merit inclusion in a security patch?>br> OTOH, at least they are good enough to say that their so-called "security" patches may break other software.
Regards, Alan.

Multiple Vulnerabilities in Microsoft Windows Media Player

Geoff — Wed, 03 Jul 2002 14:40:36 GMT

Geoff
Wed, 03 Jul 2002 14:40:36 GMT

If you download the patch, up pops a supplemental EULA which says you agree to let Microsoft update your software later on, and which holds MS harmless from breaking other software if they do that.
Does anyone know how that would work if the clients are behind a firewall?

Multiple Vulnerabilities in Microsoft Excel, Office XP, and Word

Lance Otis — Fri, 21 Jun 2002 11:26:23 GMT

Lance Otis
Fri, 21 Jun 2002 11:26:23 GMT

On 20 June 2002: In Microsoft’s latest email: "Insider Update for Preferred Customers", they headline the following Top Insider Story:
"Online Homeland Security for Your Family Want to ensure a safe Internet experience for you and your children? You can rest easy when you utilize the latest security features built into Internet Explorer 6, Outlook(r) Express, and Windows(r) Messenger."
How can Microsoft do this with a straight face? Just look at today’s announcements re: NIMDA in .NET and the vulnerabilities listed in this article. Does anyone believe Microsoft is capable of providing "Online Homeland Security for Your Family"?

Buffer Overflow in Ipswitch's IMail Server

Yen — Wed, 05 Jun 2002 19:21:51 GMT

Yen
Wed, 05 Jun 2002 19:21:51 GMT

How about fix for older version? We do not have budget to upgrade IMail yet and expose to the vulnerability now.

Denial of Service in Exchange 2000 Server

Ken Huang — Mon, 03 Jun 2002 00:06:54 GMT

Ken Huang
Mon, 03 Jun 2002 00:06:54 GMT

We are glad that Microsoft has released a patch for the security hole found in Exchange Server 2000. However, this patch won’t install in the Small Business Server 2000 where Exchange Server 2000 is integrated to.

Authentication Flaw in Windows Debugger

Radim — Wed, 29 May 2002 02:39:26 GMT

Radim
Wed, 29 May 2002 02:39:26 GMT

It is DebPloit dicovered by me on March 9th.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0367

Multiple Vulnerabilities in Microsoft Internet Explorer

LUIS pALACIOS — Mon, 20 May 2002 14:57:59 GMT

LUIS pALACIOS
Mon, 20 May 2002 14:57:59 GMT

DOES ANYONE KNOW IF PREVIOUS VERSIONS OF IE ARE VULNERABLE? IE 2.0 IE 4.01?

Denial of Service in Microsoft Directory Services Port 445

John Holden — Thu, 02 May 2002 12:42:58 GMT

John Holden
Thu, 02 May 2002 12:42:58 GMT

In this online article you have a link to two work arounds from Microsoft. This link points to Knowledge Base Article Q320751. In looking up that article Microsoft’s Knowledge Base returns the following message "The Knowledge Base (KB) Article You Requested is Currently Not Available"
Hmmm... any ideas on: 1. Why Microsoft has pulled the article and 2. how do I protect my environment?
Cheers, John.