tl;dr using an old but still valid OLE component, you can embed any exe in a Word doc, convert to rich text, and that then faithfully re-expands the exe onto the user's runtime when they open the Word doc - a perfect malware delivery method that, if correct, has almost no defence beyond ... plain text emails.

(The firewall would need to re-expand the rich text using this OLE, then scan the Word doc, then repackage. Unsurprisingly nothing on the market seems to. Jeez - stick to plain text.)

One suspects that a lot of spear-phishers know about this already.
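The comment above describes the RTF side of the trick: an OLE Packager object wrapping a file is serialised into the RTF `\object` group as hex `\objdata`. As an added defender-side example (not code from the thread or from any product it mentions), this scanner walks an RTF document, pulls out each embedded object's class name and decoded payload, and flags Packager objects or payloads that carry a PE `MZ` header. The sample RTF is constructed for the example; the control words used (`\object`, `\objemb`, `\objclass`, `\objdata`) are the ones the RTF specification defines for embedded OLE objects.

```python
import re
from dataclasses import dataclass

# Classes that wrap an arbitrary file rather than a document type.
SUSPICIOUS_CLASSES = {"package"}

# Constructed sample: one Packager object whose data contains "Package\0"
# and an "MZ" PE header, followed by a benign Excel object.
SAMPLE_RTF = (
    r"{\rtf1\ansi Quarterly report attached. "
    r"{\object\objemb{\*\objclass Package}{\*\objdata 01050000 02000000 "
    r"08000000 5061636b 61676500 4d5a9000 }}"
    r"{\object\objemb{\*\objclass Excel.Sheet.8}{\*\objdata 0105000002000000 }} }"
)

@dataclass
class EmbeddedObject:
    obj_class: str
    data: bytes

def _enclosing_group(rtf: str, pos: int) -> str:
    """Return the {...} group that contains position pos (handles nested braces)."""
    start = rtf.rfind("{", 0, pos)
    depth, i = 0, start
    while i < len(rtf):
        ch = rtf[i]
        if ch == "\\":          # skip escaped characters such as \{ and \}
            i += 2
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return rtf[start:i + 1]
        i += 1
    return rtf[start:]

def _hex_payload(text: str) -> bytes:
    """\\objdata is hex digits with arbitrary whitespace; decode to raw bytes."""
    cleaned = re.sub(r"\s+", "", text)
    cleaned = cleaned[: len(cleaned) - (len(cleaned) % 2)]   # drop a dangling nibble
    return bytes.fromhex(cleaned)

def find_embedded_objects(rtf: str) -> list:
    """Return every embedded OLE object (class name + decoded data) in an RTF document."""
    found = []
    for m in re.finditer(r"\\object\b", rtf):
        group = _enclosing_group(rtf, m.start())
        cls = re.search(r"\\objclass\s+([^}\\]+)", group)
        data = re.search(r"\\objdata\s*([0-9A-Fa-f\s]+)", group)
        found.append(EmbeddedObject(cls.group(1).strip() if cls else "",
                                    _hex_payload(data.group(1)) if data else b""))
    return found

def flag_suspicious(objects: list) -> list:
    """Packager objects, or any object whose payload carries a PE 'MZ' header, are flagged."""
    return [o for o in objects
            if o.obj_class.lower() in SUSPICIOUS_CLASSES or b"MZ" in o.data]
```

Run `flag_suspicious(find_embedded_objects(SAMPLE_RTF))` to see only the Packager object returned; a mail gateway would apply the same check to every RTF or RTF-in-DOC attachment before delivery.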
Oh, I used this in [what America would probably call] middle school to run Game Maker on school computers which didn't have it. Embed a file in a PowerPoint presentation, and bingo.
This is one of the main things I test when doing application security assessments.

I look at the various clients/interfaces and test each of them to see how their controls compare. It's quite often that certain clients or interfaces have far less security on them than others because it simply isn't convenient.

One example would be two-factor on a VPS administration page. It's on the main site, but if you download the mobile app it's password only.

Which means... it's password only (assuming you know how to use a proxy like Burp).

So it's important to ensure that all interfaces to your app have the same minimum requirements for security.
All these people claiming to have known this for years seem to think the trick is to embed an executable inside an Office file.

Well, you might want to read the article again. See now the difference?
Good god, that trick still works. I used to use this on Windows 3.11 and winword.exe 2.0 in high school. We had RM Nimbus computers (UK horrible educational computer manufacturer) that were locked down and didn't want to run arbitrary things.

I found this trick; we used to play Doom and Rise of the Triad with this and some other glue. I am surprised this trick still works so well for foxing security checkers.
I am not sure I understand this issue. Only a crazy person would think they have the power to block all code entering their network. Steganography is a one-sided battle.