Reported September 18, 2000 by Georgi Guninski

VERSIONS AFFECTED
  • Microsoft Office 2000 (Windows 98 and Windows 2000)

DESCRIPTION

If certain DLL files are present on a system running Windows 98 or Windows 2000, they can be exploited to execute native code. This could lead to an attacker gaining full control over the system. It has been reported that this attack also works via UNC shares.

DEMONSTRATION

If either RICHED20.DLL or MSI.DLL is present on the system and in the same directory as Office documents, double-clicking the Office documents will execute the code in DllMain() of the above DLLs.

A demonstration of this vulnerability is available at: http://www.guninski.com
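
A defensive check for the condition described above, as an added example that is not part of the original advisory: it walks a directory tree (a local path or a mounted share) and reports folders where RICHED20.DLL or MSI.DLL sits beside Office documents. The DLL names come from the advisory; the document extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# DLL names are taken from the advisory; the extension list is an assumption.
SUSPECT_DLLS = {"riched20.dll", "msi.dll"}
OFFICE_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot"}


def find_colocated_dlls(root):
    """Return sorted (directory, dll_name, [documents]) for each hit under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        docs = sorted(f for f in filenames
                      if os.path.splitext(f)[1].lower() in OFFICE_EXTS)
        if not docs:
            continue  # a DLL with no documents beside it is not this condition
        for name in sorted(filenames):
            if name.lower() in SUSPECT_DLLS:
                findings.append((dirpath, name, docs))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample layout: only the 'shared' folder should be flagged."""
    layout = {
        "clean": ["report.doc", "budget.xls"],
        "shared": ["invoice.DOC", "RICHED20.DLL", "notes.txt"],
        "tools": ["msi.dll"],  # DLL present but no documents: not flagged
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(base, folder))
        for f in files:
            open(os.path.join(base, folder, f), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, dll, docs in find_colocated_dlls(tmp):
            print(f"{directory}: {dll} next to {', '.join(docs)}")
```

A hit is a lead for review rather than proof of tampering: the legitimate copies of these DLLs live in system directories, so one found in a document folder or on a share warrants a look at its origin.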

VENDOR RESPONSE

Georgi Guninski gave no indication that the vendor had been contacted. Windows IT Security forwarded the advisory to Microsoft and is awaiting a response.

CREDIT

Discovered by Georgi Guninski