Kevin Brown kevin@kbrownfox.net wrote:
> RTF is a benign file format and does not support scripting or embedded
> HTML tags.
It does macros, and may cause exploitable buffer overflows in viewers.
You must have the MS security patches
RTF document linked to template can run macros without warning:
http://www.microsoft.com/technet/security/bulletin/ms01-028.asp
Malformed RTF Control Word:
http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
installed.
Cheers,
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
