CSRF with MS Word Our attack vector is found in exploiting MSWord's frame capabilities: By creating malicious frames in a document and pointing them to a malicious URL, we can exploit multiple, persistent (well almost, this is limited) CSRF vulnerabilities (and possibly the browser).
See: http://michaeldaw.org/md-hacks/csrf-with-msword/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/