Hi Dennis, On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote:
> Oh, so it wasn't actually an MS Office file, but a spoof with a .doc filename? I only vaguely remember, but I think it was that way. > That would definitely be hard to catch. I'm not sure what would cause > it to execute though. Name it .doc and set the content type to text/html Anyway, I'm not sure about .doc anymore, the same of course works with .html and probably any other extension. > Was there a condition under which the exploit > could be made to be run while pretended to be a .doc file? The trigger is the content type. Eike -- PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication. Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3 9E96 2F1A D073 293C 05FD
signature.asc
Description: Digital signature
