Black Hat Talk Demonstrates New Document Exploits

← Back to Stories (view on slashdot.org)

Black Hat Talk Demonstrates New Document Exploits

Posted by timothy on Saturday August 6, 2011 @07:38AM from the send-you-this-file-in-order-to-have-your-advice dept.

darthcamaro writes "Remember the days of the viruses embedded in email attachments? They're coming back, according to a pair of researcher talking at Black Hat this week: '"If you have installed all Microsoft Office patches and there are no 0 day vulnerabilities, will it be safe to open a Word or Excel document?" TT asked the audience. "The answer is no."'"

60 comments

Min score:

Reason:

Sort:

Is this really news? by Anonymous Coward · 2011-08-06 07:45 · Score: 3, Insightful

Anybody worth their salt knows that any attachment can be dangerous. You can hide all sorts of things in them. Especially for files that allow arbitrary things to be embedded in them, like Word documents.
1. Re:Is this really news? by Anonymous Coward · 2011-08-07 13:50 · Score: 0
  
  The tall UGG boots classic snow will be an ideal choice of this year
  A uggs online stylish. Now, you can find quite a number of color and lovely print a number on the market. These tall boots, and classic tall shaft up just below the knees of has a simple elegant appearance. In fact can wear these boots vamp cuff create a interesting sheepskin around an the top edge of the appearance and add more elegant and women's fashion watch. This kind of style is really eternal and perfect any type of jeans, shorts, short skirt, to cooperate with a look of color to begin. In particular, it can be used as the perfect cooperation and a fur coat. Due to the color of the skins dyed, whatever you can think of, you can always find UGG are your perfect choice, finish your fashionable appearance. If uggs boots you are a UGG lover, you will know some classic UGG color natural chestnuts, elegant grey, sand, brown and black, like chocolate, this is the ultimate personal comfortable UGG have won global popularity in these eternal tonal. The classic color, everyone can be a great combination, classic look and feel, from the UGG Australia only. For example, bright, natural sand color, can go to you the most romantic appearance, especially on the beach, or in all the ugg online bonfire party. UGG this year, more rich and colorful classic tall tonal, navy, tile, sunflower, like, these never short-term shadow any a stylish will be perfect. Just think, a girl in a pair of classic UGG high fireworks design, soft flow on the behavior of the dark brown color, in the pink face and her cooperation. It is really a little guys fashionable appearance! The time and place of shorts. Time is in the 18 and 21 years old of birthday, and between TuoNa beach during spring break generation or in alarm to provide drinks place. If ugg boots you do not belong to the magic field, your shorts must cover you ass cheeks. If you look as if it is the wistful swallowed with your pants, you have better service chicken wings and beer to customers, or in the rough "hottest steamed stuffed bun" won the first place in the competition. .TS
Well duh... by Oxford_Comma_Lover · 2011-08-06 07:46 · Score: 3, Funny

Of course it's not safe to open the document. It could be a "Starbuck should be a dude" rant.

--
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
1. Re:Well duh... by girlintraining · 2011-08-06 07:55 · Score: 3, Funny
  
  "Starbuck should be a dude"
  Sir, we're going to have to ask you to leave. Turn in your man card at the front office. You can pick it up on monday at the Men's Rules Enforcement Department off 7th street. You'll need to explain to them why you, as a heterosexual male, asked to replace a hot female actress with a pudgy male one. Depending on your answer, there may be a fine.
  Thank You,
  The Internetz
  
  --
  #fuckbeta #iamslashdot #dicemustdie
2. Re:Well duh... by Ethanol-fueled · 2011-08-06 07:56 · Score: 1, Funny
  
  Of course it's not safe to open a document when running Windows. My Ubuntu desktop Linux operating system never gets viruses no matter what I open, because it uses a robust security model with actual file permissions. For example, instead of simply clicking "yes" to everything, I also have to enter my password so I know I give things a second thought before executing them.
  
  Of course, even if Linux just had a Yes/No dialog, I could click "yes" until I'm blue in the face and my system would never get a single virus because it's Linux and Linux doesn't get viruses. UNIX doesn't get viruses either. Even Mac's get viruses because they're based on a phone operating system(I/OS) and phone operating systems are made easy to exploit because AT&T have to spy on people for the government.
  
  Be safe. Be sensible. Be Linux.
3. Re:Well duh... by Anonymous Coward · 2011-08-06 08:05 · Score: 0
  
  I think your comment could be used as a great basis for some troll copypasta.
4. Re:Well duh... by Anonymous Coward · 2011-08-06 08:09 · Score: 0
  
  To really check if you don't have any viruses on your Ubuntu box, just run
  cat /dev/urandom > /dev/sda
  It's way faster than clicking a bunch of Yes/No dialogs.
5. Re:Well duh... by Oxford_Comma_Lover · 2011-08-06 08:11 · Score: 1
  
  Dear Internetz,
  I promise to make it up with lots of Kara/Lee fanfic.
  Kisses,
  OCL
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
6. Re:Well duh... by John+Bresnahan · 2011-08-06 08:13 · Score: 1
  
  When I tried this, it just said "Permission denied".
  I must be doing it wrong.
7. Re:Well duh... by cynyr · 2011-08-06 08:34 · Score: 2
  
  the AC forgot to turn that into a ubuntu style tip...
  sudo cat /dev/urandom > /dev/sda
  That should do it for the unbuntu people.
  for the rest of every body, clearly this needs to run as root.
  
  --
  All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
8. Re:Well duh... by Anonymous Coward · 2011-08-06 09:17 · Score: 0
  
  To really check if you don't have any viruses on your Ubuntu box, just run
  cat /dev/urandom > /dev/sda
  It's way faster than clicking a bunch of Yes/No dialogs.
  sorry dude the correct Ubuntu way to get a virus is "sudo dd if=/dev/urandom of=/dev/sda"
  Even so you still have to insert your password!
  of course you can always run at the same time just for fun
  #bin.sh :(){ :|: & };:
  Point of all this silliness is that you can hose your 'puter no matter what the OS is just it is one heck of a lot easier to re- install a linux distro than to install Windows or Mac OS for that matter. And there is no friggin' way to create an effective worm or virus from an executable data file like an e-mail without doing social engineering and convincing the Linux user to do something really stupid. Something which is all too easy to do in the wonderful wacky world of Microsoft Office Software.
9. Re:Well duh... by PopeRatzo · 2011-08-06 09:36 · Score: 1
  
  asked to replace a hot female actress with a pudgy male one.
  
  Why he gotta be pudgy? Can't he be a hot Jack Harkness-style Starbuck?
  Some of us long for the days when the only women in science fiction were the ones with three breasts on the cover of Del Ray paperbacks.
  Three nicely-shaped breasts.
  
  --
  You are welcome on my lawn.
10. Re:Well duh... by Anonymous Coward · 2011-08-06 10:01 · Score: 0
  
  Seeing as the WWW is 20 years old some dude messing about with the sendmail programme created a worm which went around causing problems. This showed that UNIX was a more pwoerful OS than the other ones around at the time and how clever and creative its users were. Before this such unwanted behavior was blamed on Rabbits.
11. Re:Well duh... by Anonymous Coward · 2011-08-06 10:01 · Score: 0
  
  "Starbuck should be a dude"
  You'll need to explain to them why you, as a heterosexual male, asked to replace a hot female actress with a pudgy male one.
  Because two male pilots could have a babe each.
12. Re:Well duh... by JAlexoi · 2011-08-06 10:24 · Score: 1
  
  Are you calling a comma-phile a heterosexual? (Oxford_Comma_Lover)
  ...you insensitive clod!
13. Re:Well duh... by stderr_dk · 2011-08-06 11:13 · Score: 2
  
  sudo cat /dev/urandom > /dev/sda
  I don't have an Ubuntu-box (or other "sudo"-using box) at hand, so can't test it myself, but doesn't the shell try to open /dev/sda before trying to execute sudo? In other words: Before you got root permission.
  I.e. the same reason sort foo >foo gives you an empty file.
  Maybe something like
  cat /dev/urandom | sudo tee /dev/sda >/dev/null
  would work. I think, I used something like that last time I had to work around the shell opening std{in,out,err} before executing commands.
  
  --
  alias sudo="echo make it yourself #" ; # https://pipedot.org/~stderr & http://soylentnews.org/~stderr
14. Re:Well duh... by hairyfeet · 2011-08-06 17:55 · Score: 1
  
  Because having a hot babe you want to bang be your wingman in a bar is just.....well weird? The reason Apollo and Starbuck worked well together was Apollo could be kind of a stick in the mud so Stabuck would come and bail his ass out with the jokes, as a good wingman should. Hot babe? not only will hot babe make it worse but it will make dude in trouble look even MORE lame, not less.
  As for TFA... attachments are bad mmmkay? what sucks is how many years have we been trying to drum this into users heads? I know I have since the days of Win 95 and Outhouse Excrement. I have actually sat beside a user and said "DO NOT open that password protected zip, are you nuts? Its a virus!" only to get told "Awww you worry too much! Its from my BFF Kim see? She wouldn't do that" and damned if she didn't do EXACTLY what the email told her to with me practically trying to throw myself in front of the keyboard. That is why as a PC repairman i have this face as my standard face every. single. day.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
15. Re:Well duh... by Derek+Pomery · 2011-08-07 02:19 · Score: 1
  
  sudo sh -c "cat /dev/urandom > /dev/sda"
  There you go.
  That's also necessary in ubuntu 11.04 if you need to attach gdb to a running process...
  sudo sh -c "echo 0 > /proc/sys/kernel/yama/ptrace_scope"
  
  --
  -- perl -e'print pack"H*","6e656d6f406d38792e6f7267"' /. ate my old sig. Bastards.
16. Re:Well duh... by Yamioni · 2011-08-09 06:51 · Score: 1
  
  Point of all this silliness is that you can hose your 'puter no matter what the OS is just it is one heck of a lot easier to re- install a linux distro than to install Windows or Mac OS for that matter.
  Lacking experience with Mac OS I do not speak for it. However regarding optimized installs (Silent installs using scripts to select all options beforehand and remove user interaction) Windows 7 will install on my home machine in about 20 minutes and Random Linux Distro in 15-20. If you really need that 5 minutes, you probably should have made images and restored from those instead of reinstalling in the first place. I'll concede that Windows played 2nd fiddle to other OSes with regard to install time for pretty much all of recent history, but Microsoft has made great strides in making it much much much faster than it used to be. Saying that Linux is "a heck of a lot easier" to reinstall now simply isn't true.
  
  Yami
  
  --
  Cool post bro, highfive \o
17. Re:Well duh... by Anonymous Coward · 2011-08-11 02:33 · Score: 0
  
  You say that because you never had a hot babe be your wing(wo)man. Otherwise you'd appreciated them pulling chicks for you like crazy!
  Seriously, there is nothing better than a woman who's on your side to pick up chicks with! Because she knows exactly when to close, and what to say to whom when, and will tell you so. While all the girls think: Wow, if he can get such a hot girl, he must be quite something special. And you do the same for her. (Ok, it's better if you're hot youself. But that's not hard if you're constantly motivated to work out and care for yourself by that hot fermale friend and those babes you bang.)
  Think of her as a spy on the other side, working for you.
  If you can't appreciate a getting-laid-guarantee, then I'm really sorry for you.
At least I'm safe by Anonymous Coward · 2011-08-06 07:51 · Score: 0

I'm not connected to the internet. Workaround that!
1. Re:At least I'm safe by Lord+Juan · 2011-08-06 07:56 · Score: 2
  
  Now that is the definition of a self-defeating post.
2. Re:At least I'm safe by Sulphur · 2011-08-06 07:56 · Score: 2
  
  I'm not connected to the internet. Workaround that!
  If you did, then others can.
3. Re:At least I'm safe by Anonymous Coward · 2011-08-06 07:59 · Score: 1
  
  I'm not connected to the internet. Workaround that!
  USB stick? Do you install software? Play music from CD? Video from DVD? Send posts to /.?
  At least you THINK you're safe! :-)
4. Re:At least I'm safe by girlintraining · 2011-08-06 08:04 · Score: 1
  
  If you did, then others can.
  Well yeah, but it's unlikely others will be able to match the level of stupidity displayed by making a statement on a website stating they don't have internet. I mean, certain customer service representatives, perhaps... like the kind that e-mail you your new password after you tell them you're locked out of your e-mail account. But it's unlikely they'd be able to find slashdot if you gave them the name and set google as their homepage, so YMMV.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
5. Re:At least I'm safe by Anonymous Coward · 2011-08-06 13:22 · Score: 0
  
  I've got moderator points, but there's no whooosh option....
6. Re:At least I'm safe by Anonymous Coward · 2011-08-06 21:50 · Score: 0
  
  He is of course posting to /. via Jedi mind control or maybe there is a snail mail to /. post proxy
In other news... by girlintraining · 2011-08-06 07:59 · Score: 1, Insightful

In other news, embedding executable code into data files still considered stupid. Researchers continue to emphasize that executable code should only exist in (wait for it) -- executable files!
Now, we all understand that Intel and Microsoft had drunken money sex one evening and out of that relationship DOS was born... a retarded child that couldn't tell the difference between its food (the data) and the plate (executable code), and regularly ate both.
I'm just wondering why we're still entertaining this 'precious snowflake' and it's plate-eating habits twenty years on. Didn't we learn from the retarded kid that isolating data from executable code from the hardware level up was the Right Thing?

--
#fuckbeta #iamslashdot #dicemustdie
1. Re:In other news... by networkzombie · 2011-08-06 08:27 · Score: 4, Interesting
  
  Your argument restricting executable code covers a variety of technologies from OLE to html email. The same reason these technologies suck is also why they are so popular. On one hand you can embed stuff and do more! On the other hand they can embed stuff and do more.
2. Re:In other news... by SuricouRaven · 2011-08-06 08:40 · Score: 4, Interesting
  
  A lot of the time that executable code is to do shinystuff, like embed fancy animated charts in documents. One of the worst cases of all is in Windows Media, which will happily run scripts (Exploitable scripts) in media files without prompting or informing the user - and will do this based on magic bytes to identify filetype rather than extension. This lead to the proliferation of fake-mp3 malware on p2p networks. The purpose of the scripts is to allow for updating of the DRM technology and to allow for unauthorised media files to automatically direct the player to a website to purchase a licence.
3. Re:In other news... by Anonymous Coward · 2011-08-06 08:59 · Score: 1
  
  In other news, embedding executable code into data files still considered stupid.
  Nobody designing data file formats is actually putting in official ways to run executable code. The ability to do that comes entirely from implementation bugs. And no, embedded scripting languages don't count - they're not intended to be able to affect anything outside the document; when they can, it's again always the result of an implementation bug.
4. Re:In other news... by sjames · 2011-08-06 11:46 · Score: 1
  
  Embedded scripts certainly DO count! You can RUN them can't you? When you do, they do what the writer wanted, don't they?
  Of course they're not INTENDED to be able to affect anything outside, but in over 10 years, nobody has yet been able to stop them. That's called a failure. Perhaps it's time to rip that 'feature' out.
5. Re:In other news... by Anonymous Coward · 2011-08-07 00:06 · Score: 0
  
  Of course they're not INTENDED to be able to affect anything outside, but in over 10 years, nobody has yet been able to stop them.
  
  The new OS X 10.7 security model goes a long way to stopping that sort of thing. There's a good description of it in the Ars Technica review.
6. Re:In other news... by Anonymous Coward · 2011-08-07 00:11 · Score: 0
  
  DRM fucks the customer again? The hell you say!
7. Re:In other news... by abigsmurf · 2011-08-07 00:42 · Score: 2
  
  I've seen a lot of fake media files require you to purchase a licence you get a "this requires a licence, do you want to retreive it" type yes/no dialogue and only take you to a website on a yes click.
  
  I'm calling BS on your claim it does anything more than this. If MP3s were exploitable outside of encouraging you to visit a questionable site, you'd see a whole lot more malware infected MP3s sent as email attatchments. It's not unthinkable this could be exploited but I doubt it's any easier exploting that than just generally finding a vulnerability in a common codec. Especially with DEP and ASR.
8. Re:In other news... by inglorion_on_the_net · 2011-08-07 03:27 · Score: 2
  
  There line between code and data is rather fuzzy. In the end, both are big lumps of bytes that will be processed by some software, which will then cause your computer to take certain actions. The problem is that the software processing the bytes will often happily allow things to happen that would generally be considered undesirable (e.g. sending spam).
  In my view, the problem of malware is so persistent, because the vast majority of software vendors have an insecure by default approach. Software is developed in unsafe languages (allowing exploits like buffer overruns), runs on operating systems that will happily run any code they are told to run, and we are trying to secure this mess by patching the holes after they are found.
  If we wrote software in languages that were memory-safe, this would prevent attacks such as embedding executable code in data files, and getting it to run through buffer overruns. If we used whitelists for software that is allowed to run (I imagine this like the repositories in Debian/Ubuntu/..., where you can choose your own trusted providers), this would stop untrusted code from running.
  This would bring us closer to secure by default, where you would have to do extra work to make your system insecure, instead of having to constantly fight an uphill battle to keep up some semblance of security.
  
  --
  Please correct me if I got my facts wrong.
9. Re:In other news... by SuricouRaven · 2011-08-07 07:26 · Score: 1
  
  I do confess to never having encountered such a file myself, but I have heard from others who have claimed that the file infected them with some form of malware. A likely explanation would be that the website is the true location of the exploit - I imagine WMP would open IE to get the license, which means any scammer not only has a way to lure in visitors but also knows what browser they'll be using and thus what exploits to use.
  
  MP3 files are not the problem ones. It's WMA/WMV/ASF (all the same internally). The extension is merely changed to make the file look more tempting, as most pirates are looking for mp3 files. WMP doesn't use extension to identify files, so it doesn't care.
  
  As for the scripts, I think I can answer that. I actually wrote an ASF header study tool years ago, and I believe I recall it... I shall just find the specification from MS.
  
  http://download.microsoft.com/download/7/9/0/790fecaa-f64a-4a5e-a430-0bccdab3f1b4/ASF_Specification.doc
  
  That's completly useless, by the way. Microsoft has the format patented, and has threatened to sue at least one independent developer (of Virtualdub) for implimenting it without agreeing to their very restrictive (You can read it, note that is specifically prohibits releasing the source of any implimentation) license. If you go to section 3.6, script command object... there it is. Scripting support, of a very limited form. The actual script commands available are not defined by the ASF specification, but left to the specific implimentation. WMP includes at least the 'open URL' and 'open a specified media file' commands, as those are given as examples, but I don't know just how powerful ASF scripting is.
  
  Note that ASF, WMA and WMV are identical formats. The extension is merely a convenience to allow video files to be more easily told from purely audio.
10. Re:In other news... by Carnildo · 2011-08-08 09:13 · Score: 1
  
  Nobody designing data file formats is actually putting in official ways to run executable code.
  Nobody?
  
  --
  "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
It's not a virus, and require user approval by walternate · 2011-08-06 08:08 · Score: 0

First: What is described is not a virus but a trojan. And as noted in the article, in IE8 and IE9 the user will get an access prompt and specifically would have to approve it to run.

Will some click ok and run the trojan? Most probably, but that is a different kind of problem for all platforms. If I open a Word document and suddenly IE9 pop ups with an access request to run something, the answer would be no thanks.
1. Re:It's not a virus, and require user approval by nonades · 2011-08-06 09:02 · Score: 1
  
  Will some click ok and run the trojan? Most probably, but that is a different kind of problem for all platforms. If I open a Word document and suddenly IE9 pop ups with an access request to run something, the answer *should* be no thanks.
  FTFY
2. Re:It's not a virus, and require user approval by Anonymous Coward · 2011-08-06 09:03 · Score: 0
  
  I'm not so sure of that protection you ascribe to IE8 (haven't used 9)
  Websites still use attack vectors to run content without any warning at all. That I got UAC working meant nothing at all; by then the code was already executing, and you never know just how rooted you got PRIOR to UAC wanting to get beyond simple user-mode rootkitting. User-mode rootkits are just as effective stealing my info. I'm at a loss because I hadn't seen code get triggered when I explicitly removed Java; I forgot that flash 10 and plain old buffer overflows are a problem.
3. Re:It's not a virus, and require user approval by man_of_mr_e · 2011-08-06 10:04 · Score: 1
  
  That's why IE8 and 9 (in Vista and 7) have protected mode. It runs the browser in a sandbox that doesn't let the user get attacked in the way you mention (by the way, the phrase "user-mode rootkitting" is an oxymoron. A rootkit requires root access by definition.
  
  --
  If you need web hosting, you could do worse than here
4. Re:It's not a virus, and require user approval by Anonymous Coward · 2011-08-06 22:43 · Score: 1
  
  I remember working in a developer support team for a software component company
  So we were all programmers, and thus computer literate ...
  Strange mails started popping up, so we knew something was wrong ...
  Like someone in the non-technical departments was infected opening a mail from an infected friend lol
  A guy from the IT help desk comes and says: do not click on the attachments!
  Almost everyone answered something like: is it a virus? who got it? and so on ...
  Except one guy, who asked with a feeble voice: we should not click on what?
  lol
  He just got a stern look from everybody else, and an "unplug your machine from the network and wait!"
  lol
  He just had the habit of clicking on everything indiscriminately, like a noob
  Nobody's perfect I guess
  lol
Safe to open Word documents in gmail by Anonymous Coward · 2011-08-06 08:10 · Score: 0

I would have thought everyone knew by now that the safe way is to open a Word document remotely in gmail, then perhaps save it to your computer as a pdf.
1. Re:Safe to open Word documents in gmail by Anonymous Coward · 2011-08-06 08:22 · Score: 0
  
  I would have thought everyone knew by now that the safe way is to open a Word document remotely in gmail, then perhaps save it to your computer as a pdf.
  Yeah, windoze is so easy and intuitive... In GNU/Linux I just left click.
2. Re:Safe to open Word documents in gmail by SuricouRaven · 2011-08-06 08:41 · Score: 1
  
  I work in IT support. The smarter users are able to figure out the abstract concept of a file. Most of them just know that if they go to 'recent documents' all their stuff is in there. Except when it isn't. Then they call me.
Flash? by unkaggregate · 2011-08-06 08:22 · Score: 2, Insightful

The reason why the answer is no is because of hybrid document attack techniques. TT explained that in the hybrid document exploit a Flash file is embedded in Excel or Word document.
Ok Microsoft... why the hell are you allowing Flash inside Word and Excel documents in the first place?!?
1. Re:Flash? by game+kid · 2011-08-06 10:25 · Score: 1
  
  How else do you want Microsoft to support future printable YouTube videos that play right on the paper when you touch them with a pen?
  
  --
  You can hold down the "B" button for continuous firing.
2. Re:Flash? by WrongSizeGlass · 2011-08-06 11:02 · Score: 1
  
  Ok Microsoft... why the hell are you allowing Flash inside Word and Excel documents in the first place?!?
  Because exploits, um, I mean macros via JavaScript & HTML5 won't be available until Office 15.
Re:Did someone say Blackhat, retard, and Microsoft by kvvbassboy · 2011-08-06 08:24 · Score: 2

NSFW image! Mod down!
Oh Boy I can't wait by Anonymous Coward · 2011-08-06 09:25 · Score: 0

holy crap, leave the documents alone. copy them whatever, but quit destroying exe files!
it could be worse... by Anonymous Coward · 2011-08-06 09:45 · Score: 0

Of course it's not safe to open the document. It could be a "Starbuck should be a dude" rant.
It could be a "everything is an act of God is a total cop out" rant.
Will it be safe to switch on a Windows computer? by Anonymous Coward · 2011-08-06 10:01 · Score: 0

Same answer.
"and there are no 0 day vulnerabilities" by Anonymous Coward · 2011-08-06 11:01 · Score: 2, Insightful

Yes... THAT YOU KNOW ABOUT - of course, if you know about them, they're not zero-day vulnerabilities.
What a load of crap. YES there are, probably, vulnerabilities that you don't know about (I.E. zero-day vulnerabilities). NO you can't EVER say "there are no 0 day vulnerabilities", because if there are, you won't know about them until you find them! Who the fuck wrote that, anyway? A 0-day vulnerability is a vulnerability that you DON'T KNOW EXISTS.
Anyone who THINKS that there are no zero-day vulnerabilities is, statistically speaking, WRONG. There are. And therefore, yes:

If you have installed all Microsoft Office patches ... will it be safe to open a Word or Excel document? ... The answer is no.
Because a Word or Excel document could always exploit a vulnerability that you DON'T KNOW ABOUT.
That's sort of the whole fucking point, right?
Re:Did someone say Blackhat, retard, and Microsoft by Anonymous Coward · 2011-08-06 11:06 · Score: 0

Wow, I like hairy chubby women! Who's she??
Re:Did someone say Blackhat, retard, and Microsoft by Anonymous Coward · 2011-08-07 10:00 · Score: 0

Yeah, so, who works on Saturday?
(if you do, do yourself a favor and don't answer. I'll just laugh at you for working on Saturdays. suckers.)
Are Adobe .PDF files any better? by Anonymous Coward · 2011-08-08 21:49 · Score: 0

See subject-line above. They're scriptable too. Hence why, for 5++ yrs. now online, I've been telling others to TURN OFF SCRIPTING IN IT (doable in Acrobat Reader's configuration/setup), here:
http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE
Simply because it poses a MORE THAN POTENTIAL DANGER!
* Scripting ANY document poses this type of threat...
E.G.-> Heck, look @ the web today with its HTML documents being abused with javascript "everywhere" (often needlessly imo), & that in turn, abusing users!
(Scriptable documents in business have their place, but like any programming, it can be abused as a 'double-edged sword' also)
APK
P.S.=> Yes, the same goes for MS stuff, but when you use it you can press the SHIFT KEY while you open Word docs, Excel Sheets, & Access DB's to bypass autoexec macros (just like the old days in DOS to bypass autoexec.bat during bootup, processing ONLY config.sys)
... apk