mailing list archives
Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
From: Milan Kopacka <mkop5230 () MAIL KOLEJ MFF CUNI CZ>
Date: Tue, 19 Sep 2000 06:18:54 +0200
On Mon, 18 Sep 2000, Microsoft Security Response Center wrote:
If anyone can devise a compelling exploit scenario for this issue --
one that would allow a malicious user to exploit it without the user's
consent -- we'd be most interested in investigating it.
If the user downloads an archive file (ZIP, ...) containing several files
including this DLL and some Office files, he will likely extract them all
to one directory. He may then open the Office files from this directory
without checking the other files hanging around.