Office 2000 UA Control Scripting

Microsoft Office 2000 UA Control Scripting
Reported May 12 by L0pht Research Labs, @Stake

VERSIONS AFFECTED
  • Microsoft Office 2000

DESCRIPTION

The ActiveX control named Microsoft Office UA Control ships with Microsoft Office 2000, is installed by default, and is categorized as safe for scripting. The control is undocumented; it and its interface are presumably used to script "Show Me" demonstrations for the Office 2000 help and Office Assistant functionality.

Analysis of the control's interface, as reported by L0pht, reveals functionality to script almost any action in Office 2000 that the user could perform from the keyboard, including lowering the macro security setting to low. This action can be scripted from any HTML page viewed with active scripting enabled, which includes both Internet Explorer and the Outlook e-mail clients in their default configurations.

DEMONSTRATION

The Microsoft Office UA control exports a powerful interface for automating commands within the Office 2000 environment.  The problem lies in the fact that the control should not be marked safe for scripting.  The ability of this control to allow for scripting via HTML or email makes it extremely dangerous.

A non-destructive demonstration is available by clicking here (will take you to L0pht.com)

VENDOR RESPONSE

Microsoft has been made aware of this problem and has provided a patch available here.

Microsoft has also released their own Security Bulletin on the issue.

CREDITS
Discovered and reported by Dildog at L0pht Research Labs
