It is possible to spoof an executable report file. The password hash is leaked during a failed logon attempt.
vulners.com/securityvulns/securityvulns:doc:17203
vulners.com/securityvulns/securityvulns:doc:17205