Hi Dennis,
On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote:
> Oh, so it wasn't actually an MS Office file, but a spoof with a .doc filename?
I only vaguely remember, but I think it was that way.
> That would definitely be hard to catch. I'm not sure what would cause
> it to execute though.
Name it .doc and set the content type to text/html
Anyway, I'm not sure about .doc anymore, the same of course works with
.html and probably any other extension.
> Was there a condition under which the exploit
> could be made to be run while pretended to be a .doc file?
The trigger is the content type.
Eike
--
PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3 9E96 2F1A D073 293C 05FD
|