Word!
We show that malicious TeX, BibTeX, and METAPOST files can lead to arbitrary code execution, viral infection, denial of service, and data exfiltration, through the file I/O capabilities exposed by TeX’s Turing-complete macro language. This calls into doubt the conventional wisdom view that text-only data formats that do not access the network are likely safe. We build a TeX virus that spreads between documents on the MiKTeX distribution on Windows XP; we demonstrate data exfiltration attacks on Web-based LaTeX previewer services.
“Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer.,” By Stephen Checkoway, Hovav Shacham, and Eric Rescorla, In Proceedings of LEET 2010. USENIX, Apr. 2010.
As they say “Amusingly, some advocacy documents list ‘no macro viruses’ as an advantage tex has over Word.” Which sorta runs me out of jokes.
That’s why I use troff.
How could anyone use TeX seriously and not know that it is one big macro processor?
I suspect most TeX users are not serious users.
This isn’t really news. Someone named Keith Allen McMillan got a master’s thesis out of a virus in TeX in 1994:
ftp://ftp.cerias.purdue.edu/pub/doc/viruses/KeithMcMillan-PlatformIndependantVirus.ps
It’s said that troff could support viruses too, but nobody is expert enough to actually make one work.