This article focuses on all files that can enter a company network by many different means (web, e-mail, USB sticks, CDs, laptops, etc.), most of the time without being properly filtered. Once a user opens such a file, it can easily trigger malicious actions and put the network's security at risk.
This article describes security issues related to the most common file formats on Windows: executable files, scripts, HTML, XML, MS Office, PDF, etc.
A classification of these formats according to risks is proposed, in order to distinguish innocuous formats from potential threats. It may be used to adapt a filtering policy to the system being protected.
This article also presents various technical and organizational solutions available today to protect against these threats.
NOTE: An English version with updated content (2010) is now available here.