Excel or PowerPoint Document Can Bypass Macro Security

Thanks to NTCompatible for this one. Excel and PowerPoint have a macro security framework that controls the execution of macros and prevents macros from running automatically. Under this framework, any time a user opens a document, the document is scanned for the presence of macros. If a document contains macros, then depending on the security setting either the user is notified and asked whether to run the macros, or the macros are disabled entirely. A flaw exists in the way macros are detected that can allow a malicious user to bypass macro checking.

An attacker could attempt to exploit this vulnerability by crafting a specially formed Excel or PowerPoint document with macro code that would run automatically when the user opened it. The attacker could carry out this attack by hosting the malicious file on a web site or a file share, or by sending it through email.

Impact of vulnerability: Run code of attacker's choice.

Recommendation: Customers using affected versions of Excel and/or PowerPoint should apply the patch immediately.

Affected Software:

  • Microsoft Excel 2000 for Windows

  • Microsoft Excel 2002 for Windows

  • Microsoft Excel 98 for Macintosh

  • Microsoft Excel 2001 for Macintosh

  • Microsoft PowerPoint 2000 for Windows

  • Microsoft PowerPoint 2002 for Windows

  • Microsoft PowerPoint 98 for Macintosh

  • Microsoft PowerPoint 2001 for Macintosh

View: MS TechNet security bulletin
