N ews.com is reporting that a new Word (for Windows) exploit has been discovered. According to the article, a clever thief could use the exploit to steal a document from anotheris computer, though it requires a very deliberate effort. From the article:
A would-be thief would have to take extraordinary care in setting up the scenario, however, including knowing the exact location and name of the desired file as well as persuading the victim to open, modify, save and then return the Word document to the sender.
The scheme works best under Word 97, but Word 2000 and 2002 could also be conscripted into service if the attacker can persuade a victim to print the document first, a Microsoft spokesperson said.
The attack uses the INCLUDETEXT field, one of the many hidden fields embedded in Word documents, to copy text into a document opened on another computer. The file can be hidden by using a small white font to make the appended text nearly invisible.
There is additional information in the full article at News.comis Web site.