It's a security issue, i found it and reported this to MS long time ago when i started to research shared sections bugs, MS will fix the issue in some future. I don't know why MS said to you that it's not a security issue. Cesar. --- sylvain.roger@xxxxxxxxxx wrote: > As I got some questions about this I think I need to > precise it. > I can say for sure now : It is not a firefox > vulnerability but Microsoft Office vulnerability. > Firefox is just here as an example. > The vulnerability is that when a winword.exe process > is created from another application (like > firefox.exe) it creates a shared section called > \BaseNameObjects\Mso97SharedDgXXXXXXXX which has > write rights for everyone. This allows to write > arbitrary data on the shared section resulting in a > denial of service of all opened Microsoft Office > applications. It may be necessary sometimes to > reboot the machine in order to use again the Office > applications. > Microsoft just answers it is a technical issue and > not a security issue > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
