2801 : Microsoft Word and Excel Execution of Arbitrary Code
http://osvdb.org/2801

Info

Last Modified: 10 months ago
Percent Complete: 65%

Dates

Disclosure: Nov 11, 2003
Discovery: Oct 15, 2003
Exploit: Unknown
Solution: Unknown

Description

Several versions of Microsoft Word, Excel, and Works Suite contain a flaw that may allow a malicious user to bypass Macro security. The issue is triggered when a user is tricked into opening a document by a malicious website, because Internet Explorer automatically launches the helper application, which is installed by Microsoft Office. It is possible that the flaw may allow Excel to run Macros at the same security level as the current user, and in Word there is a buffer overflow condition that will allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Unknown or Incomplete

Technical

A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. If an affected spreadsheet was opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which the macro security is set. The malicious macro could then take the same actions that the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.

A security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to the way Word checks the length of a data value (Macro names) embedded in a document. If a specially crafted document were to be opened, it could overflow a data value in Word and allow arbitrary code to be executed. If successfully exploited, an attacker could then take the same actions as the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.

Mitigating factors:

If a user of Office 97 or Office 2000 has installed the Office Documentation Open Confirm Tool, the user will always get a "file open" warning dialog box when trying to open an Office document using Internet Explorer. For Office XP and Office System 2003 this "file open" warning dialog box is enabled by default.

These vulnerabilities could only be exploited by an attacker who persuaded a user to open a malicious file - there is no way for an attacker to force a user to open a malicious file.

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released patches to address this vulnerability.

Products

Microsoft Corporation

Word: 2000, 97, 2002, 98(J)
Works Suite: 2001, 2002, 2004, 2003
Excel: 2000, 2002, 97

References

Tools & Filters

Nessus: 11920

Credit

Unknown or Incomplete

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.