# Word!

We show that malicious TeX, BibTeX, and METAPOST files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by TeX’s Turing-complete macro language. This calls into doubt the conventional wisdom view that text-only data formats that do not access the network are likely safe. We build a TeX virus that spreads between documents on the MiKTeX distribution on Windows XP; we demonstrate data exfiltration attacks on Web-based LaTeX previewer services.

As they say “Amusingly, some advocacy documents list ‘no macro viruses’ as an advantage tex has over Word.” Which sorta runs me out of jokes.

#### 4 Comments on "Word!"

1. How could anyone use TeX seriously and not know that it is one big macro processor?