Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Malformed Excel or PowerPoint Document Can Bypass Macro Security New
A security vulnerability exists in Microsoft Excel and PowerPoint that could allow a malicious user to generate a specially formed document containing macros that would bypass the security framework.
Issue
Excel and PowerPoint have a macro security framework that controls the execution of macros and prevents macros from running automatically. Under this framework, any time a user opens a document the document is scanned for the presence of macros. If a document contains macros, the user is notified and asked if he wants to run the macros or the macros are disabled entirely, depending on the security setting. A flaw exists in the way macros are detected that can allow a malicious user to bypass macro checking.
A malicious attacker could attempt to exploit this vulnerability by crafting a specially formed Excel or PowerPoint document with macro code that would run automatically when the user opened it. The attacker could carry out this attack by hosting the malicious file on a web site, a file share, or by sending it through email.
Affected Products
- Microsoft Excel & PowerPoint
Solution
A software patch is available and can be downloaded from the following locations:
- Microsoft Excel 2000 for Windows
- Microsoft Excel 2002 for Windows
- Microsoft Excel 98 for Macintosh
- Microsoft Excel 2001 for Macintosh
- Microsoft PowerPoint 2000 for Windows
- Microsoft PowerPoint 2002 for Windows
- Microsoft PowerPoint 98 for Macintosh
- Microsoft PowerPoint 2001 for Macintosh
Further Details
Source: Microsoft Corporation
Updated: October 4, 2001
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
