Word 97 Template Vulnerability

A vulnerability exists in Word 97 which could permit macros to run without warning the user when opening a document based on a template containing macros. A malicious hacker could exploit this vulnerability to cause malicious macro code to be run without warning the user.

Issue

A standard safety feature of Word 97 is that it warns users when a document containing macros is opened; however, if that document does not itself contain macros, but rather is linked to a template that does contains macros, no warning is issued. A malicious hacker could exploit this vulnerability to cause malicious macro code to run without warning if a user opens a Word document attached to an email sent by the malicious hacker, or if the user opens a Word document on a web site controlled by the malicious hacker. This malicious macro could possibly be used to damage or retrieve data on a user's system.

Affected Products

• Microsoft Word 97

Download

Patch: http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: January 21, 1999

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<