incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eike Rathke <>
Subject Re: [ooo-user] was RE: [Was: Re: [Discussion]]
Date Thu, 01 Sep 2011 15:07:04 GMT
Hi Dennis,

On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote:

> Oh, so it wasn't actually an MS Office file, but a spoof with a .doc filename?

I only vaguely remember, but I think it was that way.

> That would definitely be hard to catch.  I'm not sure what would cause
> it to execute though.

Name it .doc and set the content type to text/html
Anyway, I'm not sure about .doc anymore, the same of course works with
.html and probably any other extension.

> Was there a condition under which the exploit
> could be made to be run while pretended to be a .doc file?

The trigger is the content type.


 PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
 Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD

View raw message