No Macro Warning When Opening RTF Documents New

A security vulnerability exists in the Microsoft Word products, prior to Word 2002, which could enable a macro to be run without gaining permission from the user first.

Issue

Word, like other members of the Office product family, provides a security mechanism that requires user's approval to run macros. By design, anytime a document is opened the user would be notified if the document contains macros. In addition, this mechanism checks secondary documents that the original document links to, such as templates, and warn if any of those contain macros. This feature works by scanning the document or template for the presence of macros, alerting the user of their presence, and then asking the users permission to allow the macros to run.

By embedding a macro in a template, and providing another user with an RTF document that links to it, an attacker could cause a macro to run automatically when the RTF document was opened. The macro would be able to take any action that the user could take. This could include disabling the user’s Word security settings so that subsequently-opened Word documents would no longer be checked for macros.

Affected Products

• Microsoft Word Products

Download

Patch: http://office.microsoft.com/downloads/2000/wd2kmsec.aspx

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: May 21, 2001

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<