I have a user whose version of Word is saving a document that she received as
a DOCX into DOTX format. Is there a threat that causes this behavior? I
remember some old Word payloads worked by exploiting template behavior.

I think you're confusing a couple of things. The old exploit was based on the
fact that early versions of Word wouldn't allow macros to be saved in documents,
only in templates. So a malicious macro would be saved in a template, which
would then be renamed with a .doc extension to disguise it. More recent versions
allow macros to be saved in either templates or documents, but also have a very
intrusive mechanism that does its best to discourage anyone from running any
macros. :-(
In Office 2007, macros cannot be saved at all in .docx or .dotx files -- if you
want to save macro code, you must specify a .docm or .dotm format.
So the answer is no, it isn't a threat or an exploit (or if it is, then it's a
really inept attempt). That said, I don't know what it is, other than possible
pilot error.
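
To check what a file like the one in the question really is, the package's `[Content_Types].xml` can be read directly; the sketch below is an added example, not part of the original thread, and reports the real format and any VBA part regardless of the file name. The function names `classify_word_package` and `build_sample` are hypothetical, and the sample packages are constructed for the demo.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

WORD = "application/vnd.openxmlformats-officedocument.wordprocessingml."
MAIN_PART_TYPES = {  # main-part content type -> (format, macro-capable)
    WORD + "document.main+xml": ("docx", False),
    WORD + "template.main+xml": ("dotx", False),
    "application/vnd.ms-word.document.macroEnabled.main+xml": ("docm", True),
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml": ("dotm", True),
}
VBA_TYPE = "application/vnd.ms-office.vbaProject"


def classify_word_package(data, claimed_ext):
    """Report what a Word OOXML package really is, regardless of its file name."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        root = ET.fromstring(zf.read("[Content_Types].xml"))
        names = zf.namelist()
    actual, macro_format, vba = None, False, False
    for el in root:  # <Default> and <Override> both carry ContentType
        ctype = el.get("ContentType", "")
        if ctype in MAIN_PART_TYPES:
            actual, macro_format = MAIN_PART_TYPES[ctype]
        vba = vba or ctype == VBA_TYPE
    vba = vba or any(n.lower().endswith("vbaproject.bin") for n in names)
    return {
        "actual_format": actual,
        "macro_enabled_format": macro_format,
        "vba_part_present": vba,
        "extension_mismatch": actual != claimed_ext.lower().lstrip("."),
    }


def build_sample(main_type, with_vba=False):
    """Constructed minimal package for the demo; not a file Word would open."""
    parts = f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
    if with_vba:
        parts += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_TYPE}"/>'
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/'
             f'content-types">{parts}</Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    print(classify_word_package(build_sample(WORD + "template.main+xml"), ".docx"))
```

A result with `actual_format` of `dotx` and `vba_part_present` false matches the benign case described in the answer: a plain template with no macro content.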