COMMAND
Zak (with Office97)
SYSTEMS AFFECTED
WinNT
PROBLEM
Mikko Verlinna found following. It was tested with ZAK in
"Appstation" mode. Now the only ZAK "security hole?" Office
"bug?" that was discovered is the following. When you are in
some Office application ex. Word click on the Open dialog box,
then right click on the Open dialog box's background and you get a
dialog with Explore.
Choose this "explore", and you have a perfectly working Explorer.
Even the harddrive is hidden with a Policy entry, the ZAK
installation has run the ACLS.CMD and HIDE.CMD. (Note: ACLS.CMD
is modified like described in Q182367) But in your newly opened
Explorer you can take the Go to dialog and write C: then OK and
now you have chosen to show all files. Ok, what can you do when
everything is locked? Go to C:\TEMP or create your own directory,
copy your favorite program or game here and change the executable
file name to ex. Winword.exe. This has to be done or the policy
Run only allowed apps will stop you....
SOLUTION
Microsoft was contacted and they can't help. If you want to
close this hole you have to write an app that sniffs system calls
from the Office programs and if there is a call after this
imbedded Explorer then the app should stop this.
However, the way to stop the explorer from being an option is to
remove it from under the file association for folders. To do this
follow these directions:
Go to My Computer
Select View and Options
Click on the File Types tab
Find the Folder association and double click to open it
Highlight explore and click Remove
This will remove the explorer option from all right mouse button
calls. The next area to look at is to give the everyone group
Execute rights only to explorer.exe command. This will allow
explorer to run for the desktop but it will not be available to be
added by embedding it into a Word or Excel document. Another good
are to look at is after you install SP4 there are some new
policies that can keep the user from showing all files. Check out
TechNet for reference to the update.