Silverlight and Microsoft Office are two quite different products produced by our favourite multinational software company. Together their powers combine showing what could happen when you let people upload Word or PowerPoint files to your website. Microsoft Office documents can contain hidden files that will get past your average virus scanner, and won't be noticed while they sit on your SharePoint server. They could also contain Silverlight applications, meaning an attacker can cross all kinds of domain boundaries, and have the word document execute in your browser. This was done as part of the research for TechEd with Andy Prow from Aura Software Security.