On 2/23/2003 1:14:35 PM, Ted Green wrote:
>At 11:15 PM 2/22/2003, you
>wrote:
>>I suppose the fact that, by default, vpw.exe autostarts startup.vdm has some security risk in it, yes?
>Startup.vdm is not a security
>risk, if a virus/hacker can
>change the startup.vdm file,
>it can change any file on your
>computer. The problem is
>people who click on email
>attachments. Some (unpatched)
>versions of Outlook auto-open
>all attachments - a virus
>writers dream-come-true.
But what about this
Someone sends a macro of some ms app (say excel) as an email attachment that is received by an unpatched outlook. That macro searches for c:\vedit\startup.vdm. If found, it is replaced by a destructive vdm of the same name. The next time vedit is started up the destructive vdm is executed.
This would be a little more difficult to do if startup.vdm was +R
>(I didn't mean to jump on you
>Steve; all of Microsoft has
>also overlooked such issues in
>their Office products.)
No offence taken Ted.
PS I would neither be offended by forum moderation of this post.
Steve
|
|