docwhat's avatardocwhat's blog

Microsoft makes .txt files dangerous

Microsoft has finally figured out how to make opening a .txt file dangerous…

“This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file.”

Emphasis is mine.

Microsoft Security Bulletin MS11-071 (formatting is mine)

Derp!

Edit on GitHub