“Experts question robustness of Windows scripting system
after discovery of hole that lets intruders break in via ‘back
door.’ “
“So much for the friendly assistant. That’s the hard lesson
learned after last week’s discovery of a security hole that
subverts the powerful functions of Microsoft Office Assistant.”
“The hole, which allows an attacker to write a script that can
do anything once on a user’s computer, gets activated by clicking
on a Web page or HTML-enabled e-mail. The script can then add or
delete files. “Because its abilities are marked ‘safe for
scripting,’ anything is possible,” said the security researcher
that found the hole, a hacker known as “Dildog” who works for the
security firm @Stake Inc.”