Remko Weijnen's Blog (Remko's Blog)

About Terminal Server, Citrix, Delphi and other stuff

Session freeze when starting Excel

Author: Remko

20 Feb

Environment
Windows 2003 Enterprise (32 bit), Citrix XenApp 5, RES Workspace Manager 2011, McAfee VirusScan Enterprise 8.7.0i.

Problem
When a opening an Excel workbook from Sharepoint the whole session freezes.

I asked the user to open an Excel workbook from Sharepoint and I noticed the following popup:

Some files can harm your computer. If the file information looks suspicious or you do not fully trust the source, do not open the file | You are opening the following file: | File name: My Workbook.xls | From: Sharepoint

So my first thought was that the user somehow clicked this message to the background and IE was waiting for a response.

(more…)

  • 0 Comments
  • Filed under: Citrix, Windows 2003

    • The XLSploit explained

    Author: Remko

    12 Feb

    Recently I published a Proof of Concept that showed it was possible to launch unauthorized processes with both AppSense Application Manager and RES Workspace Manager.

    Although I didn’t test Microsoft Applocker I have no doubt at all that we couldn’t bypass it.

    imageI have named my Proof of Concept the XLSploit because I am using Excel as a trampoline. I choose Excel because this is generally a trusted process and VBA offers access to the Windows API that is needed.

    After publishing the XLSploit I have talked to both RES and AppSense and not that they both have a response to my Proof of Concept, I consider it safe to tell a little more about how it works.

    If you are merely interested in stopping the XLSploit, please scroll down to the end of the article.

    (more…)

  • 2 Comments
  • Filed under: General

    • Profile

    View Remko Weijnen's profile on LinkedIn

    Follow RemkoWeijnen on Twitter

    Tags

    Recent Tweets

    Views

    Recent Comments

    Donate


    Blogroll


    Categories


    Archives


    Site Admin | powered by WordPress | Theme