- Recommend:
- 0 Comments
Word Bug Can Permit Malicious Macros
Downloadable fix can swat bug that allows planting of potentially dangerous macros.
A flaw in several versions of Microsoft Word allows malicious macros to duck Word's security features and make possibly devastating changes to a PC.
The vulnerability affects Word 97, 2000, 2002, the Japanese version of Word 98, and Word for Macintosh 98 and 2001. Someone could exploit the vulnerability by performing what Microsoft calls "low-level editing" on a Word document to disguise the malicious macros and prevent Word's macro checker from detecting them, Microsoft officials acknowledge. A macro is a small script used to automate tasks, such as formatting.
Microsoft has posted a patch, along with a security bulletin, for this vulnerability. The flaw was discovered by Steven McLeod.
It is similar to another Word macro vulnerability discovered in May. Microsoft characterized that bug as "mild."
The earlier vulnerability occurred when a user opened an RTF file that referenced a template containing an embedded macro. The bug permitted the macro to run without warning the user, possibly making some changes to Word. It affected only Word 97 and later versions, and only certain RTF documents. Microsoft issued a patch for that bug as well.
Word Usually Watches Macros
Typically, Word alerts a user upon opening a document containing macros, and offers the option to run or disable them. Word also automatically checks for macros in any linked documents, including templates, within a document. But this bug disables that function, so a user wouldn't know that a malicious macro was present or had run. Such a macro could take any action that a user could, including changing or deleting files, contacting a Web site, disabling security settings, or even reformatting a hard drive, Microsoft says.
Users could access an affected Word document from a floppy disk, a Web page, or an attachment via e-mail.
Microsoft says this bug affects only Word, not other Office components. The Outlook Express security update, which is included with Word 2002, is protected from e-mail worms and would also protect users from a Word document with a malicious macro.
Macros have long been the province of annoying, but usually not terribly destructive, viruses.
Would you recommend this story? YES NO
- Recommend:
- 0 Comments
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.
-
News Your Way: 10 News Aggregation Apps for Android
-
zAPPed Makes Your iOS Gadgets Part of the Board Game
-
Put Linux on a USB Drive, Bypass Windows Updates
-
Customize Your Desktop With Open-Source Utility Rainmeter
-
Sony PlayStation Vita: Powerful Handheld Gaming
-
VLC 2.0 Release Candidate Is Here; Android and iOS Versions Soon
-
Egg Timer Plus Keeps You on Schedule
-
eM Client: Affordable Alternative to Microsoft Outlook
-
Relive the Joys of Amiga With WinUAE
-
Love and Romance in Game On Podcast #6
-
Valentines for Your Sweetheart Window 7 Theme
-
Hang Your Favorite Photos at a Virtual Museum
Ad Choices