Word URL autolaunch

Michael Daw is at it again. In September SANS reported on his report of a vulnerability in Adobe Reader and Adobe Professional whereby an external webpage could be opened without further user interaction if a user opens a malicious PDF document.
Now, SANS is reporting on a similar vulnerability he accessed through IFRAMEs in Microsoft Word.
Michael’s website is not accessible right now. I remember checking out the sample pdf files on his site back in September.

One Comment

  1. Myspace-qucktime-zango phishing worm

    Several sites are reporting a worm infecting Myspace profiles and attempting to phish passwords through the use of javascript in Quicktime files. The vulnerability sounds similar to the Word URL autolaunch vulnerability or the same problem in Adobe. An…

Comments are closed.