Reported May 21, 2001, by Microsoft.
VERSIONS AFFECTED
-
Microsoft Word 97, 98(J) and 2000
DESCRIPTION
By
embedding a macro into a template and providing another user with a Rich Text
Format (RTF) document that links to the template, an attacker can cause macros
to run automatically when the user opens the RTF document. The macro can take
any action that the user can take (e.g., disabling the user's Word security
settings, so that in subsequently opened Word documents, Word no longer checks
for macros).
VENDOR RESPONSE
The vendor, Microsoft has acknowledged this vulnerability and recommends that users immediately apply the patch contained in Security Bulletin MS01-028.
CREDIT
Discovered
by Microsoft.
0 comments
Hide comments