Office 97 Word document vulnerability

["Young, Brandon" <Brandon.Young () Honeywell com>]

All,

Has anyone tested this to determine if this exploit (http://online.securityfocus.com/archive/1/289268 ) will insert the
whole file or just it's contents. To be more specific, would it be possible to use this exploit to get an end user to
send you a copy of their PWL or SAM file (from repair directory)?

> From the information I have seen, it is unclear as to exactly how the content is attached to the malicious document,
whether it is only including a copy of the actual text or of it is treating the file as an attachment. I plan to test
this next week (hopefully) but thought I'd check to see if any of you have beaten me the punch.

Thanks,
Brandon