“So much for the friendly assistant.”
“That’s the hard lesson learned after last week’s discovery of a
security hole that subverts the powerful functions of Microsoft
Office Assistant.”
“The hole, which allows an attacker to write a script that
can do anything once on a user’s computer, gets activated by
clicking on a Web page or HTML-enabled e-mail. The script can
then add or delete files.”
“Because its abilities are marked ‘safe for scripting,’ anything
is possible,” said the security researcher that found the hole, a
hacker known as “Dildog” who works for the security firm @Stake
Inc.”