{"id":36893,"date":"2014-07-28T14:56:13","date_gmt":"2014-07-28T21:56:13","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=36893"},"modified":"2025-08-17T20:38:36","modified_gmt":"2025-08-18T03:38:36","slug":"dropping-files-temp-folder-raises-security-concerns","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/","title":{"rendered":"Dropping Files Into Temp Folder Raises Security Concerns"},"content":{"rendered":"<p>Recently, the McAfee <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2\">Advanced Exploit Detection System (AEDS)<\/a> has delivered some interesting RTF files to our table. These RTFs have executables &#8220;attached&#8221; to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a user clicks on the attachment.<br \/>\n<a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/malicious_rtf_click_to_open.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-36894 \" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/malicious_rtf_click_to_open.png\" alt=\"malicious_rtf_click_to_open\" width=\"813\" height=\"635\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/malicious_rtf_click_to_open.png 868w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/malicious_rtf_click_to_open-300x234.png 300w\" sizes=\"auto, (max-width: 813px) 100vw, 813px\" \/><\/a><\/p>\n<p><em>This warning appears when a user tries to execute the attached malware.<\/em><\/p>\n<p>Because there are strong warnings, we don&#8217;t see these threats as a problem. However, we strongly suggest users not run any of the files attached to these documents. McAfee antivirus products already provide detection against this type of attack.<\/p>\n<p>Our story doesn&#8217;t end here. Just as we used AEDS to <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/tracking-pdf-usage-poses-a-security-problem\">discover a potential security issue in PDFs,<\/a> we have identified a suspicious (or maybe &#8220;interesting&#8221;) behavior while opening such an RTF: The attached file was dropped into the temporary folder of the current user (typically, in C:\\Users\\&lt;username&gt;\\AppData\\Local\\Temp). The following figure shows the file reader.exe after it is dropped in the temporary folder for the particular RTF sample.<br \/>\n<a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/showing_temp_file11.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-36916\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/showing_temp_file11.png\" alt=\"showing_temp_file1\" width=\"641\" height=\"439\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/showing_temp_file11.png 641w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/showing_temp_file11-300x205.png 300w\" sizes=\"auto, (max-width: 641px) 100vw, 641px\" \/><\/a><\/p>\n<p><em>The file Reader.exe is dropped into the current user&#8217;s temporary folder when the RTF is opened.<\/em><\/p>\n<p>We observed this behavior on Windows 7 and 8 with or without Office installed. (Using WordPad to open the RTF is enough to trigger the behavior.) We didn\u2019t see the behavior on Windows XP.<\/p>\n<p>The file is dropped through the &#8220;Package&#8221; ActiveX Control. The format looks like this:<br \/>\n<a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/rtf_key_structure.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-36899\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/rtf_key_structure.png\" alt=\"rtf_key_structure\" width=\"716\" height=\"270\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/rtf_key_structure.png 716w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/rtf_key_structure-300x113.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/rtf_key_structure-699x265.png 699w\" sizes=\"auto, (max-width: 716px) 100vw, 716px\" \/><\/a><\/p>\n<p><em>The &#8220;Package&#8221; ActiveX Control is invoked by the RTF.<\/em><\/p>\n<p>The registry information for the &#8220;Package&#8221; ActiveX Control:<\/p>\n<p style=\"padding-left: 30px;\">CLSID: {F20DA720-C02F-11CE-927B-0800095AE340}<br \/>\nProgID: Package<br \/>\nInProcServer32: %SystemRoot%\\system32\\packager.dll<\/p>\n<p>During our tests, we observed the following:<\/p>\n<ul>\n<li>The filename as well as the content of the dropped file are controlled by the RTF<\/li>\n<li>Opening the RTF document is enough to trigger this behavior; no additional user interaction is required<\/li>\n<li>If the filename already exists in the temporary folder, the malware will drop as &lt;filename&gt; (2).&lt;ext&gt;. The current file will not be overwritten.<\/li>\n<li>When the document is closed, the dropped file is removed<\/li>\n<\/ul>\n<p>This behavior allows anyone to drop an arbitrary file with an arbitrary filename into the temporary folder when the RTF document is opened. This certainly raises security concerns. The best practice for temporary files is to create unique filenames, such as using random filenames or creating an application-specific directory under the temporary folder. For example, Adobe Reader 11 uses the directory acrord32_sbx <em>(C:\\Users\\&lt;username&gt;\\AppData\\Local\\Temp\\acrord32_sbx)<\/em> for its various temporary file operations.<\/p>\n<h2><strong>How could an attacker abuse this behavior?<\/strong><\/h2>\n<p>Because most applications and the operating system frequently use the temporary folder and we don&#8217;t know how each program uses each temporary file, answering the question is difficult. Here are some thoughts.<\/p>\n<ul>\n<li>In some conditions, an application runs an executable from the temporary folder as long as the file exists. Certainly, opening the RTF could be dangerous in such conditions. This also applies to DLLs. In the real world, we expect that these conditions are infrequent. Instead, most applications will first create the executable or DLL (or overwrite it if the file is already there), and then run it.<\/li>\n<li>DLL-preloading problems. Some applications may create an executable in the temporary folder and execute it. In this situation, when the .exe has <a href=\"https:\/\/support.microsoft.com\/kb\/2389418\/en-us\">DLL-preloading problems<\/a>, it will search for that named DLL in the temporary folder. If a DLL with the same name is placed in the temporary folder, the DLL will be loaded right away.<\/li>\n<li>Applications may rely on some specifically named nonexistent non-executable files for operations. When such a file is placed in the temporary folder, it may change the application&#8217;s behavior or program flow, bringing future security problems.<\/li>\n<\/ul>\n<p>We call these situations vulnerable temp folder access. With the aid of the vulnerable temp folder access from other programs, an attacker could abuse this behavior to run arbitrary code on the victim\u2019s system.<\/p>\n<p>A typical attacking scenario would include the following steps:<\/p>\n<ul>\n<li>The attacker sends an RTF file to the victim.<\/li>\n<li>The victim opens it, and one or more specific files are dropped into the temp folder.<\/li>\n<li>If another program is accessing the temp folder in one of the vulnerable ways we discussed, code execution may occur automatically at this point. The document could contain some social-engineering text to convince the victim to perform future apparently safe actions, such as running legal applications.<\/li>\n<li>If the victim follows these instructions, successful exploitation may occur if the user action triggers one of the vulnerable accesses we discussed.<\/li>\n<\/ul>\n<p>Therefore, to attack successfully, another program\u2019s vulnerable access to the temp folder is a must. Sometimes the attack might require additional user interactions, sometimes not.<\/p>\n<h2><strong>Are any attackers trying to exploit this behavior?<\/strong><\/h2>\n<p>It&#8217;s hard to tell. A successful exploitation requires the attacker to learn, prior to the attack, whether the target has a vulnerable temp folder access as well as the details. Thus from an analyst&#8217;s point of view, examining the RTF samples is usually not enough to understand the attacker\u2019s intention. For example, an RTF dropping Reader.exe into the temp folder could be just a \u201cclick to run\u201d trick, or it could be an exploitation attempt of this behavior if the attacker knows that the target is running some programs accessing the Reader.exe in the temp folder in a vulnerable way.<\/p>\n<p>We have seen some in-the-wild malicious RTFs drop files with \u201cinteresting\u201d names:<\/p>\n<p style=\"padding-left: 30px;\">CEH.exe<br \/>\ndu.sfx.exe<br \/>\nFINCEN~2.EXE<br \/>\ninicio.bat<br \/>\ninv_875867001426_74653003.cpl<br \/>\npastelyearendguidedm (3).exe<br \/>\nQUICKSHIPPINGDUEINVOICE.exe<br \/>\nReader.exe<br \/>\ntest.vir<\/p>\n<p>Advanced persistent threats usually consist of learning the targets well before the attack occurs. We recommend to organizations with concerns about this issue to specially focus on sophisticated targeted attacks.<\/p>\n<h2><strong>Keeping safe<\/strong><\/h2>\n<p>If users always open RTFs with Microsoft Word, there is a workaround to disable the &#8220;Package&#8221; ActiveX Control through the Office kill bit. We have found that the problem is solved in Office by setting the following registry key\/value.<\/p>\n<p style=\"padding-left: 30px;\"><code>Windows Registry Editor Version 5.00<br \/>\n[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Office\\Common\\COM Compatibility\\{F20DA720-C02F-11CE-927B-0800095AE340}]<br \/>\n\"Compatibility Flags\"=dword:00000400<br \/>\n<\/code><\/p>\n<p>However, the preceding workaround won\u2019t work for users who employ WordPad to open RTF documents. As we have said many times for document-based exploits, the best practice is to not open documents from untrusted sources. Close the document as soon as possible when you find it\u2019s suspicious, and don&#8217;t follow any actions suggested in the document. These steps can reduce the chance of success of a potential attack.<\/p>\n<p>Our investigation of suspicious behavior when handling RTF documents in Windows and Office shows that exploitation is not only about memory corruption or a single application or system; it&#8217;s a far broader concept. The breadth of exploitation poses challenges to organizations and security companies. McAfee is committed to meeting those challenges.<\/p>\n<p><em>Thanks to Bing Sun, Chong Xu, Jun Xie, and Xiaoning Li (of McAfee Labs) for their help with this research and investigation.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have&#8230;<\/p>\n","protected":false},"author":610,"featured_media":217336,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[10667,10661,13],"tags":[1411,1814,124],"coauthors":[2524],"class_list":["post-36893","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","category-internet-security","category-privacy-identity-protection","tag-advanced-persistent-threats","tag-computer-security","tag-global-threat-intelligence"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Dropping Files Into Temp Folder Raises Security Concerns | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dropping Files Into Temp Folder Raises Security Concerns | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2014-07-28T21:56:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-18T03:38:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/malicious_rtf_click_to_open.png\" \/>\n\t<meta property=\"og:image:width\" content=\"868\" \/>\n\t<meta property=\"og:image:height\" content=\"678\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Haifei Li\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Haifei Li\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/\"},\"author\":{\"name\":\"Haifei Li\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444\"},\"headline\":\"Dropping Files Into Temp Folder Raises Security Concerns\",\"datePublished\":\"2014-07-28T21:56:13+00:00\",\"dateModified\":\"2025-08-18T03:38:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/\"},\"wordCount\":1165,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg\",\"keywords\":[\"advanced persistent threats\",\"computer security\",\"global threat intelligence\"],\"articleSection\":[\"Security News\",\"Internet Security\",\"Privacy &amp; Identity Protection\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/\",\"name\":\"Dropping Files Into Temp Folder Raises Security Concerns | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg\",\"datePublished\":\"2014-07-28T21:56:13+00:00\",\"dateModified\":\"2025-08-18T03:38:36+00:00\",\"description\":\"Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg\",\"width\":614,\"height\":409,\"caption\":\"Convert PDF files with online programs. Users convert document files on a platform using an internet connection at desks. concept of technology transforms documents into portable document formats.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Internet Security\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Dropping Files Into Temp Folder Raises Security Concerns\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444\",\"name\":\"Haifei Li\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/88c52c07fcacd190468a32af554e5f36\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g\",\"caption\":\"Haifei Li\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/haifeili\/\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/haifei-li\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Dropping Files Into Temp Folder Raises Security Concerns | McAfee Blog","description":"Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Dropping Files Into Temp Folder Raises Security Concerns | McAfee Blog","og_description":"Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables","og_url":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2014-07-28T21:56:13+00:00","article_modified_time":"2025-08-18T03:38:36+00:00","og_image":[{"width":868,"height":678,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/malicious_rtf_click_to_open.png","type":"image\/png"}],"author":"Haifei Li","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Haifei Li","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/"},"author":{"name":"Haifei Li","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444"},"headline":"Dropping Files Into Temp Folder Raises Security Concerns","datePublished":"2014-07-28T21:56:13+00:00","dateModified":"2025-08-18T03:38:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/"},"wordCount":1165,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg","keywords":["advanced persistent threats","computer security","global threat intelligence"],"articleSection":["Security News","Internet Security","Privacy &amp; Identity Protection"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/","url":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/","name":"Dropping Files Into Temp Folder Raises Security Concerns | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg","datePublished":"2014-07-28T21:56:13+00:00","dateModified":"2025-08-18T03:38:36+00:00","description":"Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2025\/08\/shutterstock_2371217063-1.jpg","width":614,"height":409,"caption":"Convert PDF files with online programs. Users convert document files on a platform using an internet connection at desks. concept of technology transforms documents into portable document formats."},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/internet-security\/dropping-files-temp-folder-raises-security-concerns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Internet Security","item":"https:\/\/www.mcafee.com\/blogs\/internet-security\/"},{"@type":"ListItem","position":3,"name":"Dropping Files Into Temp Folder Raises Security Concerns"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444","name":"Haifei Li","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/88c52c07fcacd190468a32af554e5f36","url":"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g","caption":"Haifei Li"},"sameAs":["https:\/\/www.linkedin.com\/in\/haifeili\/"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/haifei-li\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/36893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/610"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=36893"}],"version-history":[{"count":4,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/36893\/revisions"}],"predecessor-version":[{"id":220053,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/36893\/revisions\/220053"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/217336"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=36893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=36893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=36893"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=36893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}