Reported September 3, 2003,
by Microsoft.
VERSIONS
AFFECTED
Microsoft Works Suite
2003, 2003, and 2001
Microsoft Word 2002,
2000, 98, and 97
DESCRIPTION
A vulnerability in
Microsoft Word can result in the automatic execution of a macro. As a result of
this vulnerability, an attacker can craft a malicious document that bypasses the
macro security model. When a user opens the document, a malicious embedded macro
will execute automatically, regardless of the level at which you've set macro
security. The malicious macro can take actions that the user has permissions to
carry out, such as adding, changing, or deleting data or files; communicating
with a Web site; and formatting the hard disk.
VENDOR
RESPONSE
Microsoft has released Security Bulletin
MS03-035, "Flaw in Microsoft Word Could Enable Macros to Run Automatically
(827653)," to address this vulnerability and recommends that affected users
apply the appropriate patch mentioned in the bulletin.
CREDIT
Discovered by Jim Bassett
of
Practitioners Publishing Company.
Automatic Macro Execution Vulnerability in Microsoft Word
0 comments
Hide comments