The ability to perform script actions in applications can be a very powerful productivity tool that gives customers great flexibility in how they apply Microsoft products to solve real-world problems. However, these same technologies can be leveraged by a malicious attacker to damage a user's computer. A common scenario occurs when a malicious attacker sends an unsafe file attachment in an e-mail message. When the recipient opens the file attachment, the malicious payload is delivered. Microsoft has adopted many strategies to help protect customers from threats that could be delivered in these types of files without losing the benefits that these file types offer.
Microsoft customers should be aware that opening unsafe types of files could cause malicious damage to computer systems. These files could contain viruses or Trojan horse programs and could be used to alter or to delete information that is stored on the computer. These files could also be used to send information that is stored on a computer to other computers. We recommend that customers only open these types of files after customers verify that the sender is trustworthy and that the sender intentionally sent the file. (Customers must verify that a file was not sent by a virus that is running on the sender's computer.)
For more information about Microsoft products that include safeguards to help protect customers from unsafe file types, visit the following Microsoft Web site to obtain the Understanding Executable Content in Microsoft Products white paper:
For more information, click the following article numbers to view the article in the Microsoft Knowledge Base:
|Article number||Article title|
|883260||Description of how the Attachment Manager works in Windows XP Service Pack 2|
|291369||Information about the Unsafe File List in Internet Explorer 6, 7, or 8|
|927117||Information about the unsafe file list in Microsoft Internet Explorer 5.01 Service Pack 4|
|291387||Using virus protection features in Outlook Express 6|
|262631||OL2000: Information About the Outlook E-mail Security Update|
|829982||You may receive an "Outlook blocked access to the following potentially unsafe attachments" message in Outlook|
Important We strongly discourage customers from removing file types from the default lists.
Sometimes, Microsoft receives reports of purported security vulnerabilities because of the ability of unsafe file types to perform malicious actions. Microsoft evaluates these reports on a case-by-case basis. However, Microsoft does not categorize a specific file type as a vulnerability merely because someone used the file type for malicious purposes.
Microsoft provides the following additional guidance to help protect customers from damage that may be caused by unsafe files.
For home users, visit the following Protect Your PC Web site:
Article ID: 925330 - Last Review: Sep 30, 2011 - Revision: 1