Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-174: Vulnerability in OLE Automation

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-174: Vulnerability in OLE Automation
# 1  
Old 02-12-2008
S-174: Vulnerability in OLE Automation
A remote code execution vulnerability exists in Object Linking and Embedding (OLE) Automation that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. The risk is MEDIUM. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Perl syntax and html ole parsing

Hi gurus I am trying to understand some advanced (for me) perl constructions (syntax) following this tutorial I am trying to parse html: Using Mojo::DOM | Joel Berger say "div days:"; say $_->text for $dom->find('div.days')->each; say "\nspan hours:"; say $_->text for... (1 Reply)
Discussion started by: wakatana
1 Replies

2. Shell Programming and Scripting

win32 ole in deepr details in perl

Hello Gurus, I am begginer in perl. I would like to ask several questions, some related to perl and its syntax but most will be regarding to WIN32 OLE. My main goal is to develop script that will check word document structure (return some information) and make some changes in this document (if it... (0 Replies)
Discussion started by: wakatana
0 Replies

3. Shell Programming and Scripting

Details about WIN32::OLE

Hi all, Is win32::OLE module is applicable in linux system??? from my understanding it is not possible..because we have to use some tools for that..for more info refer this website http://oclug.on.ca/archives/oclug/2001-July/008100.html (1 Reply)
Discussion started by: kavi.mogu
1 Replies

4. Shell Programming and Scripting

PERL Win32::OLE Inserting Picture in Excel

I am trying to insert a picture into a worksheet in Excel using Perl the following is the code use Win32::OLE; use Win32::OLE::Const "Microsoft Excel"; use Win32::OLE qw(in with); # Initiate Excel application $Excel = Win32::OLE->new('Excel.Application', 'Quit'); $Excel->{Visible} =1; #... (1 Reply)
Discussion started by: cold_Que
1 Replies

5. Shell Programming and Scripting

MS Outlook + Win32::OLE

Hey guys, I'm trying to go through my emails in Outlook until I find an email with a certain subject line. I am able to send emails with no problem, but reading emails and their properties (From, Subject, etc.) is my main problem. Basically, I don't know where to start and using search engines... (2 Replies)
Discussion started by: kooshi
2 Replies

6. Shell Programming and Scripting

OLE ERROR in perl

Hello All, I have executed one script where i am getting this error,what may be the reason..... please help me out. OLE exception from Microsoft Excel Win32::OLE(0.1403) error 0x800a03ec in METHOD/PROPERTYGET "open" (1 Reply)
Discussion started by: suvenduperl
1 Replies

7. Shell Programming and Scripting

Spell Check in MS Word using PERL OLE

Hi, I am trying automate couting number of spell and typo errors in MS Word document using perl script. In perl script, i am using Win32::OLE module of perl to read MS word document. Can anybody tell me are there any modules available in perl which can be imported into my script to... (0 Replies)
Discussion started by: 123an
0 Replies
Login or Register to Ask a Question

LEARN ABOUT REDHAT

ne_request_create

NE_REQUEST_CREATE(3)						neon API reference					      NE_REQUEST_CREATE(3)

NAME

       ne_request_create, ne_request_dispatch, ne_request_destroy - low-level HTTP request handling

SYNOPSIS

       #include <ne_request.h>

       ne_request *ne_request_create (ne_session *session, const char *method, const char *path);

       int ne_request_dispatch (ne_request *req);

       void ne_request_destroy (ne_request *req);

DESCRIPTION

       An HTTP request, represented by the ne_request type, specifies that some operation is to be performed on some resource. The ne_request_cre-
       ate function creates a request object, specifying the operation in the method parameter. The location of the resource is determined by  the
       server in use for the session given by the sess parameter, combined with the path parameter.

       The  path  string used must conform to the abs_path definition given in RFC2396, with an optional "?query" part, and must be URI-escaped by
       the caller (for instance, using ne_path_escape. If the string comes from an untrusted source, failure to perform URI-escaping results in  a
       security vulnerability.

       To  dispatch a request, and process the response, the ne_request_dispatch function can be used. An alternative is to use the (more complex,
       but more flexible) combination of the ne_begin_request, ne_end_request, and ne_read_response_block functions; see .

       To add extra headers in the request, the functions ne_add_request_header(3) and ne_print_request_header(3) can be used. To include  a  mes-
       sage body with the request, one of the functions ne_set_request_body_buffer(3), ne_set_request_body_fd(3), or  can be used.

       The  return  value of ne_request_dispatch indicates merely whether the request was sent and the response read successfully. To discover the
       result of the operation, use , along with any processing of the response headers and message body.

       A request can only be dispatched once: calling ne_request_dispatch more than once on a single ne_request object produces  undefined  behav-
       iour.  Once all processing associated a the request object has been completed, use the ne_request_destroy function to destroy the resources
       associated with it. Any subsequent use of the request object produces undefined behaviour.

RETURN VALUE

       The ne_request_create function returns a pointer to a request object (and never NULL).

       The ne_request_dispatch function returns zero if the request was dispatched successfully, and a non-zero error code otherwise.

NOTES

ERRORS

       NE_ERROR
	      Request failed (see session error string)

       NE_LOOKUP
	      The DNS lookup for the server (or proxy server) failed.

       NE_AUTH
	      Authentication failed on the server.

       NE_PROXYAUTH
	      Authentication failed on the proxy server.

       NE_CONNECT
	      A connection to the server could not be established.

       NE_TIMEOUT
	      A timeout occurred while waiting for the server to respond.

EXAMPLE

       An example of applying a MKCOL operation to the resource at the locationhttp://www.example.com/foo/bar/:

       ne_session *sess = ne_session_create("http", "www.example.com", 80);
       ne_request *req = ne_request_create(sess, "MKCOL", "/foo/bar/");
       if (ne_request_dispatch(req)) {
	  printf("Request failed: %s
", ne_get_error(sess));
       }
       ne_request_destroy(req);

SEE ALSO

       ne_get_error(3), ne_set_error(3), ne_get_status(3), ne_add_request_header(3), ne_set_request_body_buffer(3).

AUTHOR

       Joe Orton <neon@webdav.org>.

neon 0.23.5							   8 October 2002					      NE_REQUEST_CREATE(3)