Yes, there are several ways to execute code from Word locally, many
obscure or even completely undocumented (and a few probably completely
unintentional). However I don't see the need to inundate bugtraq with the
lists of them that are being submitted, as they do not in and of
themselves constitute a risk. If people have specific examples of
scenarios where a lock-down procedure or product fails to block access to
something that is supposed to be blocked, that is a different matter, but
please do not submit things that only give you the same access level you
already have :)
Thank you,
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
