We all know that Microsoft is the most trustworthy company in the world
which also invented computers and co-invented the Internet with Al Gore.
But even the best company in the history of mankind is not perfect. For
example, among other things, take a quick read at the following story.
Alex Gantman reported last week on Bugtraq that he's
discovered an interesting way to use Word fields to pilfer
a file. The hole he describes only affects Word 97. Alex
calls it "Document Collaboration Spyware" and that sounds
like a good description to me. Here's how it goes.
A friend of yours - call her "Alice" - sends you a Word
document. She asks you to take a look at it, make changes,
and send it back to her. Simple enough, eh?
So you scan the .doc file with all of your anti-virus
arsenal and it comes up clean. Open it in Word 97, and
there are no macros. Cool. Make a few changes, close the
doc and tell Word to save the changes. Then you send the
document back to Alice. Nothing to it. Happens a hundred
thousand times a day.
Except when Alice gets this particular document back, it
contains a copy of the most sensitive files on your
computer - that big contract you're working on, say, or a
spreadsheet of salaries, or all of your Outlook data. Alice
gets the whole enchilada. And you never saw a thing: the
pilfered data is hidden inside the document.
http://www.wpuniverse.com/vb/showthread.php?s=&threadid=6914
Of course, this problem only happens with Word 97, we can safely assume
that Microsoft must have already solved them in subsequent versions.
