Security Home > General Software > Microsoft Office
Flaw in Microsoft Word Could Enable Macros New
A flaw in Microsoft Word 97, 98, 2000, 2002 and Microsoft Works 2001, 2002, 2003 could allow documents to run macros automatically bypassing the normal security restrictions.
Buffer Overrun in WordPerfect Converter New
A security flaw exists in the WordPerfect converter included with the Microsoft Office and Works suites that could allow an attacker to run the code of their choice by persuading a user to open a malicious WordPerfect document.
Flaw in Visual Basic for Applications New
A buffer overrun exists in the Microsoft Visual Basic for Applications SDK which is included with a large number of Microsoft products. If exploited successfully it could allow an attacker to execute code of their choice in the context of the logged on user.
Unchecked buffer in Microsoft Access Snapshot Viewer New
A security vulnerability exists in the Microsoft Access 97, 2000 and 2002 Snapshot Viewer which could allow an attacker to execute code of their choice by persuading a user to open an affected document
E-mail Header Processing Flaw in Outlook 2002 New
A security vulnerability exists in Microsoft Outlook 2002 which could allow an attacker to send a specially malformed e-mail header which would cause the client to fail.
Flaw in Word Fields and Excel External Updates New
A security vulnerability exists in Microsoft Word and Excel which could enable an attacker to create a document that, when opened, would update itself to include the contents of a file from the user's local computer.
Cumulative Patches for Excel and Word for Windows New
Microsoft has released a cumulative patch that eliminates four newly discovered vulnerabilities all of which could enable an attacker to run Macro code on a user's machine. The attacker's macro code could take any actions on the system that the user was able to.
Malformed Network Request can cause Office v. X for Mac to Fail New
A security vulnerability exists in the network-aware anti-piracy mechanism of Office X for Mac OS X that could allow a malicious user to cause Office to fail with the loss of any unsaved data.
Malformed Excel or PowerPoint Document Can Bypass Macro Security New
A security vulnerability exists in Microsoft Excel and PowerPoint that could allow a malicious user to generate a specially formed document containing macros that would bypass the security framework.
Malformed Word Document Could Enable Macro to Run Automatically New
A security vulnerability exists in the Microsoft Word products which could allow a specially crafted macro to be executed without first gaining the users permission.
No Macro Warning When Opening RTF Documents New
A security vulnerability exists in the Microsoft Word products, prior to Word 2002, which could enable a macro to be run without gaining permission from the user first.
PowerPoint File Parsing Vulnerability New
A security vulnerability exists in Microsoft® PowerPoint 2000 which could allow a user to construct a PowerPoint file that, when opened, could potentially run code on the reader’s system.
Word Mail Merge Vulnerability
A security vulnerability exists in Microsoft® Word 2000 and 97 which could allow a malicious user to run arbitrary code on a victim's computer without their approval.
Microsoft Office HTML Object Tag Vulnerability
A security vulnerability exists in Microsoft Office 2000 programs which could allow a Hypertext Markup Language (HTML) file that contains a Data object tag to crash a Microsoft Office 2000 program and potentially run arbitrary or malicious code.
Excel REGISTER.ID Function Vulnerability
A security vulnerability exists in Microsoft® Excel 97 and Excel 2000 which could allow a malicious user to run code from an Excel worksheet without the user's knowledge.
Office HTML Script and IE Script Vulnerabilities
Two vulnerabilities have recently been discovered, one affecting Microsoft Office 2000 and PowerPoint 97, and the other affecting Internet Explorer 4.01 Service Pack 2 and higher. The effect of both vulnerabilities are the same -- they could allow a malicious web site operator to cause code of his choice to run on the computer of a visiting user.
Office 2000 UA Control Vulnerability
A security vulnerability exists in Microsoft® Office 2000 products which could allow a malicious web site operator to take inappropriate action on the computer of a user who visited his web site.
Excel Text Macro Vulnerability
A security vulnerability exists in Microsoft® Excel which could allow a macro to run without generating the expected security warning.
Malformed Conversion Data Vulnerability
A security vulnerability exists in a utility that converts Japanese, Korean and Chinese Word 5 documents to more-recent formats which could allow arbitrary code to be executed on a machine that opened a specially modified document.
Excel Symbolic Link Vulnerability
Two vulnerabilities exist in Microsoft® Excel 97 and 2000 that could allow macros to run without warning under certain conditions.
Office ODBC Vulnerabilities
Security vulnerabilities in the Microsoft® Jet database engine which could allow a database query to take virtually any action on a user's computer.
Excel 97 Virus Warning Vulnerabilities
Vulnerabilities exist in the Microsoft® Excel 97 virus warning mechanism that could be misused to bypass the warning mechanism.
Word 97 Template Vulnerability
A vulnerability exists in Word 97 which could permit macros to run without warning the user when opening a document based on a template containing macros. A malicious hacker could exploit this vulnerability to cause malicious macro code to be run without warning the user.
Excel CALL Function Vulnerability
A vulnerability exists in Microsoft® Excel® that could allow certain types of executables to be run without a warning to the user. A legitimate Excel function, CALL, allows executables to be run from a worksheet. If the executable called by the function is of a malicious nature, a worksheet containing this function could represent a security risk to customers.
Unwanted Data Issue with Office 98 for the Macintosh
When Office 98 for Macintosh creates a file on the local hard disk drive for storage, it is possible that a small amount of random data from a previously deleted file could become embedded in the new file. If sent to another user it may be possible to expose data from a previously deleted file on the sender's system.