Security 10808 Published by

Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008)

A vulnerability exists because it is possible to maliciously use field codes and external updates to steal information from a user without the user being aware. Certain events can trigger field code and external update to be updated, such as saving a document or by the user manually updating the links. Normally the user would be aware of these updates occurring, however a specially crafted field code or external update can be used to trigger an update without any indication to the user. This could enable an attacker to create a document that, when opened, would update itself to include the contents of a file from the user's local computer.

Read more