Forwarding Address: OS X

Thursday, February 07, 2002

Reposted from Boing Boing: MSFT patched Office for OSX today, to close a security hole that their own "security" measures created. Office X checks its local area network to see if any other copies with the same serial are running before launching, as a way to force owners to buy licenses for every copy of Office X they use. So far, so good. But as it turns out, malicious users can capture the serials of legit Office copies and broadcast the numbers over the network (or spoof them into your network from outside) and shut down your copy of Office. Copy-prevention: gotta love it.
A security vulnerability results because of a flaw in the Network PID Checker. Specifically, the Network PID Checker doesn’t correctly handle a particular type of malformed announcement – receiving one causes the Network PID Checker to fail. When the Network PID fails like this, the Office v. X application will fail as well. If more than one Office v. X application was running when the packet was received, the first application launched during the session would fail. An attacker could use this vulnerability to cause other users’ Office applications to fail, with the loss of any unsaved data. An attacker could craft and send this packet to a victim's machine directly, by using the machine's IP address. Or, he could send this same directive to a broadcast and multicast domain and attack all affected machines.
Link Discuss (Thanks, Biscuit!)