No they are not limited to format exceptions and plenty of benign appearing documents have wrought havoc but in many cases users should have known better. Wait, that is a statement that I will have to reevaluate. :)
I'm concerned that there is more to see here, and it could be chalked up to FUD. Michael Oke, II [email protected] On Nov 1, 2011, at 8:06 AM, Ed Leafe <[email protected]> wrote: > On Nov 1, 2011, at 8:42 AM, MB Software Solutions, LLC wrote: > >> "Microsoft Office File Validation is a security add-in for Office 2003 >> and 2007. Office File Validation is used to validate that Binary File >> Format files conform to the Microsoft Office File Format. The user will >> be notified of possible security risks if files fail to conform to the >> format." >> >> Hmmm...why does this make me think of FUD (like from DR-DOS days) and >> Geuine Advantage and killbits and OpenOffice files writing out MS Office >> files? > > Maybe because security risks aren't limited to format exceptions? There > are a large number of Office security holes that were exploited by perfectly > legitimate documents with malicious scripts. > > What's that saying about a tiger changing its stripes? ;-) > > > -- Ed Leafe > > > > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
