Macro vulnerability found in Microsoft Excel and PowerPoint!

Question

Malicious Microsoft Excel or PowerPoint documents bypass Microsoft's macro security features!

Answer

This question was answered on November 2, 2001. Much of the information contained herein may have changed since posting.

Unauthorized macro files, potentially containing malicious code, can run without warning, successfully bypassing Microsoft's security features. An attacker could run arbitrary code with the user's privileges in the following programs:

Microsoft Excel 97 for Windows

Microsoft Excel 98 for Macintosh

Microsoft Excel 2000 for Windows

Microsoft Excel 2001 for Macintosh

Microsoft Excel 2002 for Windows

Microsoft PowerPoint 97 for Windows

Microsoft PowerPoint 98 for Macintosh

Microsoft PowerPoint 2000 for Windows

Microsoft PowerPoint 2001 for Macintosh

Microsoft PowerPoint 2002 for Windows

All versions of these individual products bundled in Microsoft Office Suites

Microsoft Office applications, 2000 versions and later, have three security settings for macros. The "Low" setting allows all macros to run. Setting the security to "Medium" displays a warning window stating the dangers of opening documents containing macros. This pop-up lets the user decide whether to enable or disable the macro. Under the "High" setting, unsigned macros are disabled automatically. Microsoft Office applications prior to the 2000 version had much simpler macro security models.

It has been discovered that by specifically modifying the data stream in a document file containing a macro, the Microsoft Office security settings for macros are completely bypassed in all versions of Microsoft PowerPoint and Excel products.

Microsoft has posted patches for the currently supported versions of the above listed programs at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-050.asp

NOTE: Microsoft no longer supports Office applications prior to version 2000 for Windows and 98 for Macintosh, so you must upgrade in order to protect yourself from this vulnerability.

Author

Posted by Ken of Data Doctors on November 2, 2001
