This is actually on-topic, sort of :)
Go to the link mentioned below and click on the link on that page in
Netscape under Linux. I just tried it out of curiosity and it brought
Netscape down immediately. It might be that clicking on any rtf file
crashes Netscape.. I don't know.
Netscape 4.72, glibc used.
-------- Original Message --------
Subject: Re: Wordpad vulnerability, exploitable also in IE for Win9x
Date: Thu, 24 Feb 2000 07:55:57 +0100
From: Charles Skoglund <charles at MOVINGPICTURES.SE>
Reply-To: Charles Skoglund <charles at MOVINGPICTURES.SE>
To: BUGTRAQ at SECURITYFOCUS.COM
> Georgi Guninski security advisory #7, 2000
>> Wordpad vulnerability, exploitable also in IE for Win9x
> The opinions expressed in this advisory and program are my own and not
> of any company.
> The usual standard disclaimer applies, especially the fact that Georgi
> Guninski is not liable for any damages caused by direct or indirect use
> of the information or functionality provided by this program.
> Georgi Guninski, bears NO responsibility for content or misuse of this
> program or any derivatives thereof.
> There is a vulnerability in Wordpad which allows executing arbitrary
> programs without warning the user after activating an embedded or linked
> object. This may be also exploited in IE for Win9x.
> Wordpad executes programs embeded in .doc or .rtf documents without any
> warning if the object is activated by doubleclick.
> This may be exploited in IE for Win9x using the view-source: protocol.
> The view-source: protocol starts Notepad, but if the file is large, then
> the user is asked to use Wordpad. So creating a large .rtf document and
> creating a HTML view-source: link to it in a HTML page or HTML based
> email message will prompt the user to use Wordpad and a program may be
> executed if the user doubleclicks on an object in the opened document.
>> Demonstration which starts AUTOEXEC.BAT:
>http://www.whitehats.com/guninski/wordpad1.html> Workaround: Do not activate objects in Wordpad documents
>> Copyright Georgi Guninski
> Georgi Guninski
I tested it under Word97 running on a Wimpdoze NT4 (SP4), and it works.
"Oh my God, they killed Kenny! You bastards!"
-/s t i l l b o r n c r e w 2 0 0 0/-
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!