Full title: Microsoft Office 2007 Groove Security Bypass / Code Execution Exploit 
Category: local exploits
Platform: windows
Microsoft Office 2007 Groove contains a security bypass issue regarding 'Workspace Shortcut' files (.GLK) because it allows arbitrary (registered) URL Protocols to be passed, when only 'grooveTelespace://' URLs should be allowed, which allows execution of arbitrary code upon opening a 'GLK' file.

# 0day.today @ http://0day.today/