Forgot your password?
typodupeerror
Security IT

Black Hat Talk Demonstrates New Document Exploits 60

Posted by timothy
from the send-you-this-file-in-order-to-have-your-advice dept.
darthcamaro writes "Remember the days of the viruses embedded in email attachments? They're coming back, according to a pair of researcher talking at Black Hat this week: '"If you have installed all Microsoft Office patches and there are no 0 day vulnerabilities, will it be safe to open a Word or Excel document?" TT asked the audience. "The answer is no."'"
This discussion has been archived. No new comments can be posted.

Black Hat Talk Demonstrates New Document Exploits

Comments Filter:
  • Re:In other news... (Score:4, Interesting)

    by networkzombie (921324) on Saturday August 06, 2011 @04:27PM (#37009926)
    Your argument restricting executable code covers a variety of technologies from OLE to html email. The same reason these technologies suck is also why they are so popular. On one hand you can embed stuff and do more! On the other hand they can embed stuff and do more.
  • Re:In other news... (Score:5, Interesting)

    by SuricouRaven (1897204) on Saturday August 06, 2011 @04:40PM (#37009972)
    A lot of the time that executable code is to do shinystuff, like embed fancy animated charts in documents. One of the worst cases of all is in Windows Media, which will happily run scripts (Exploitable scripts) in media files without prompting or informing the user - and will do this based on magic bytes to identify filetype rather than extension. This lead to the proliferation of fake-mp3 malware on p2p networks. The purpose of the scripts is to allow for updating of the DRM technology and to allow for unauthorised media files to automatically direct the player to a website to purchase a licence.

I don't want to achieve immortality through my work. I want to achieve immortality through not dying. -- Woody Allen

Working...