Clown of The Month writes: A vulnerability in Internet Explorer that was discovered almost 3 years ago by cyber_flash, is now demonstrated by security researcher Aviv Raff to automate an exploit of a new vulnerability in Adobe Reader.
The old vulnerability allows an attacker to download and open an executable file in an application associated to a different extension. The new vulnerability allows an attacker to execute arbitrary code from remote when opening a manually downloaded PDF file.
Combining both vulnerabilities, it is now possible to execute code from remote by clicking on a link in IE7, as shown in a video created by Raff.
superglaze writes: "Looking through an article on the Series 60 office suite Quickoffice, I noted a claim by a company executive that OpenOffice users usually save their documents in a Microsoft (eg..doc) format (hence no plans at Quickoffice to support.odf). I guess I can see the rationale for this — it helps if you're sending a document to an MS-using company — but what's the general/.-user's experience of this?"