Comment Some clarification (Score 5, Informative) 529
1) IMHO the emphasis on Word97 is wrong. I originally tested this on Word2000 and it worked perfectly.
2) I was not out to find yet another M$ bug. I was using Word for my daily work when I stumbled onto this. It was one of those "I wonder what this button does" things.
3) The vulnerability is actually a lot more serious than the AP and bugtraq posts reveal. There is actually a way to skip the last step where the victim returns the bugged file. In other words, just editing and saving (or printing) the bugged file is sufficient. Look for a new bugtraq post early next week.
2) I was not out to find yet another M$ bug. I was using Word for my daily work when I stumbled onto this. It was one of those "I wonder what this button does" things.
3) The vulnerability is actually a lot more serious than the AP and bugtraq posts reveal. There is actually a way to skip the last step where the victim returns the bugged file. In other words, just editing and saving (or printing) the bugged file is sufficient. Look for a new bugtraq post early next week.
