[funsec] Are Office document files also an attack vector for
larry at larryseltzer.com
Fri Dec 30 12:38:54 CST 2005
>>I suspect that a booby-trapped .WMF file can be embedded in Office files
(Word, Excel, PowerPoint, ....) and will auto-execute when a document file
There's a line about this in Microsoft's advisory
Metafile (WMF) images can be embedded in other files such as Word documents.
Am I vulnerable to an attack from this vector?
No. While we are investigating the public postings which seek to utilize
specially crafted WMF files through IE, we are looking thoroughly at all
instances of WMF handling as part of our investigation. While we're not
aware of any attempts to embed specially crafted WMF files in, for example
Microsoft Word documents, our advice is to accept files only from trusted
source would apply to any such attempts."
OK, starts out with an emphatic "No" and then wooses out. Any new info on
eWEEK.com Security Center Editor
Contributing Editor, PC Magazine
larryseltzer at ziffdavis.com
More information about the funsec