Reported June 21, 2001, by Microsoft.
Microsoft Word 2002, Microsoft Word 2000, Microsoft Word 98(J), and Microsoft Word 97
A vulnerability exists in Microsoft Word that lets an attacker modify a Word document in a way that prevents the security scanner from recognizing an embedded macro while still letting the macro execute. This vulnerability lets an attacker run a macro automatically when a user opens the document. Such a macro can take any action that the user can take, including disabling the user’s Word security settings so that the user can no longer check subsequently opened Word documents for macros.
Discovered by Steven McLeod.