The odd saga of CVE-2012-5639
Posted Jan 10, 2024 9:41 UTC (Wed)
by Wol (subscriber, #4433)
In reply to: The odd saga of CVE-2012-5639 by NYKevin
Parent article: The odd saga of CVE-2012-5639
But from what I see in my role as a "Cyber Friend" (aka "user interested in security") it's very much needed.
Having programs *unexpectedly* (and this is the key word) reaching out to the net for random content is very scary - and very dangerous! If I ask my system to reach out, fine. If somebody sends me a (possibly malicious) document that reaches out without my knowledge (or worse, is somehow auto-opened and reaches out without my involvement at all), that is opening my company up to a serious data breach.
Cheers,
Wol
Posted Jan 10, 2024 11:11 UTC (Wed)
by smurf (subscriber, #17840)
Besides, it's not just malicious *content*. The content may well be perfectly innocuous but IP addresses are geolocatable; your physical security may depend on the author of a document not knowing where you are if/when you read it.
Movie plot-level scenarios (i.e. requiring nontrivial levels of suspension of disbelief) which exploit this can be constructed easily. The problem is that there's a real issue behind most implausible, far-fetched schemes.
Posted Jan 10, 2024 19:53 UTC (Wed)
by NightMonkey (subscriber, #23051)
Reading and hearing some of the stories of how the State of Israel calls some people before bombing their community help confirm this worry. I don't think it is rare today. Sure, how they do it is secret, but I think it is plausible that IP addresses are part of the process of geolocating people in Gaza and in the West Bank.
One example: https://www.bbc.com/news/world-middle-east-67327079
Posted Jan 11, 2024 4:34 UTC (Thu)
by passcod (subscriber, #167192)
Posted Jan 19, 2024 3:58 UTC (Fri)
by paulj (subscriber, #341)
Posted Jan 11, 2024 3:00 UTC (Thu)
by DimeCadmium (subscriber, #157243)
It's really not, though, in the same way as clicking on a link is not. (Of course, browser 0days and *Office 0days are both possible, but that doesn't stop anyone from clicking links)
Both load content into a document from arbitrary remote sources, and both can reveal things like your IP address to an "attacker".