Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How does

> When exploited, the vulnerability allows an attacker to remotely execute arbitrary code

go along with

> [...] will need a specifically crafted file and use social engineering methods (observed in this campaign) to convince a user to open it [...]

Is this a fucking joke? Looks like some company just want to push their name out there and get some free media exposure.



From the article: The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files. In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.

So the process is initiated through a spearphish, and when the file is opened the vulnerability causes the system to download additional code and execute it.


Hey! I implemented that DLL in Wine! :) Doesn't currently parse INF files, heh.


Calling it remotely exploitable indeed seems misleading. A lot of the article is just fluf without real content.


Yeah, it seems this is nothing more than yet another Microsoft Office bug (PowerPoint this time) which can be used for an email worm.

I think they're trying to get on the Heartbleed and Shellshock bandwagon by trying to get a name all over the media for a fairly minor exploit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: