Bugtraq mailing list archives
RE: More Office XP problems
From: "Mary Landesman" <mlande () bellsouth net>
Date: Sat, 6 Apr 2002 15:48:53 -0500
This could well be considered risky behavior. A .DOC file containing macros can be renamed to .RTF. Word will quite happily open and execute the macros in these files. (One of the Melissa variants took advantage of this). Getting people used to practices that have inherent weaknesses in them leads to a false sense of security and, IMO, a greater risk of infection. RTF fits that bill all too well. -- Mary Landesman -----Original Message----- From: Kevin Brown [mailto:kevin () kbrownfox net] Sent: Friday, April 05, 2002 8:57 PM To: 'BUGTRAQ () SECURITYFOCUS COM' Subject: RE: More Office XP problems RTF is a benign file format and does not support scripting or embedded HTML tags. I know of large companies that require all external documents be sent to them as RTF to avoid the problems of macro viruses and other malicious code. Brownfox -----Original Message----- From: Paul Schmehl [mailto:pauls () utdallas edu] Sent: Friday, April 05, 2002 6:36 PM To: Leonard Chung; guninski () guninski com; Ben Schorr Cc: 'BUGTRAQ () SECURITYFOCUS COM' Subject: RE: More Office XP problems The default editor for Outlook XP (2002) is Word *if* Office is installed. (I don't know if it is if Office isn't installed.) Default "sending type" is RTF. {{shudder}}
Current thread:
- RE: More Office XP problems Ben Schorr (Apr 03)
- Re: More Office XP problems Georgi Guninski (Apr 04)
- RE: More Office XP problems Leonard Chung (Apr 05)
- RE: More Office XP problems Paul Schmehl (Apr 05)
- RE: More Office XP problems Kevin Brown (Apr 05)
- RE: More Office XP problems Mary Landesman (Apr 08)
- RE: More Office XP problems Leonard Chung (Apr 05)
- Re: More Office XP problems Georgi Guninski (Apr 04)
- <Possible follow-ups>
- RE: More Office XP problems Paul Szabo (Apr 08)