The most severe of the vulnerabilities could allow elevation of
privilege if a user clicks a specially crafted URL that takes them
to a targeted Outlook Web App site. An attacker would have no way
to force users to visit a specially crafted website. Instead, an
attacker would have to convince them to visit the website, typically
by getting them to click a link in an instant messenger or email
message that takes them to the attacker's website and then
convince them to click the specially crafted URL.
Finally, I've heard that .doc files can contain VBA. VBA like this:
Option Explicit

' Win32 API import: ShellExecute opens a file or URL with its default handler.
Private Declare Function ShellExecute _
    Lib "shell32.dll" Alias "ShellExecuteA" ( _
    ByVal hWnd As Long, _
    ByVal Operation As String, _
    ByVal Filename As String, _
    Optional ByVal Parameters As String, _
    Optional ByVal Directory As String, _
    Optional ByVal WindowStyle As Long = vbMinimizedFocus _
    ) As Long

' Opens the hard-coded URL through the shell when the macro runs.
Public Sub OpenUrl()
    Dim lSuccess As Long
    lSuccess = ShellExecute(0, "Open", "www.goodbyedatabase.com")
End Sub
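
For reviewing macros like the one above, here is a small static check, added as an example and not part of the original post. It joins VBA line continuations, finds Declare statements that import process- or URL-launching Win32 exports, and lists the string arguments passed to them. The watchlist, the function names and the assumption that the macro source has already been exported as text are all illustrative.

```python
import re

# Constructed sample: the macro from the post, as exported VBA source text.
SAMPLE_VBA = '''Option Explicit
Private Declare Function ShellExecute _
Lib "shell32.dll" Alias "ShellExecuteA" ( _
ByVal hWnd As Long, _
ByVal Operation As String, _
ByVal Filename As String, _
Optional ByVal Parameters As String, _
Optional ByVal Directory As String, _
Optional ByVal WindowStyle As Long = vbMinimizedFocus _
) As Long
Public Sub OpenUrl()
Dim lSuccess As Long
lSuccess = ShellExecute(0, "Open", "www.goodbyedatabase.com")
End Sub
'''
# Assumed watchlist of launching/downloading exports; extend to local policy.
WATCHED = {"shellexecutea", "shellexecutew", "shellexecuteexa", "shellexecuteexw",
           "winexec", "createprocessa", "createprocessw", "urldownloadtofilea"}
DECLARE_RE = re.compile(
    r'^\s*(?:Public\s+|Private\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)\s+(\w+)'
    r'\s+Lib\s+"([^"]+)"(?:\s+Alias\s+"([^"]+)")?', re.I)

def logical_lines(source):
    """Join physical lines ending in ' _' into single VBA statements."""
    out, buf = [], ""
    for line in source.splitlines():
        line = line.rstrip()
        if line.endswith(" _"):
            buf += line[:-1]          # drop the underscore, keep the space
        else:
            out.append(buf + line)
            buf = ""
    return out + ([buf] if buf else [])

def scan_macro(source):
    """Return watched API declarations and the string literals passed to them."""
    findings, declared = [], []
    for line in logical_lines(source):   # Declare statements precede procedures
        m = DECLARE_RE.match(line)
        if m:
            export = m.group(3) or m.group(1)   # Alias is the real export name
            if export.lower() in WATCHED:
                declared.append(m.group(1))
                findings.append(("declare", m.group(1), m.group(2).lower(), export))
            continue
        for name in declared:
            call = re.search(r'\b' + re.escape(name) + r'\s*\((.*)\)', line, re.I)
            if call:
                findings.append(("call", name, re.findall(r'"([^"]*)"', call.group(1))))
    return findings
```

Matching on the Alias rather than the local name matters because a macro can declare the import under any name it likes.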