http://www.microsoft.com/technet/security/bulletin/MS03-035.asp

Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)

Originally posted: September 03, 2003

Summary

Who should read this bulletin: Customers who are using Microsoft=AE Word

Impact of vulnerability: Run macros without warning

Maximum Severity Rating: Important

Recommendation: Customers who are using affected versions of Microsoft =
Word should apply the security patch immediately.

End User Bulletin:
An end user version of this bulletin is available at:=20

http://www.microsoft.com/security/security_bulletins/ms03-035.asp.=20

Affected Software:=20
- Microsoft Word 97</li>=20
- Microsoft Word 98 (J)</li>=20
- Microsoft Word 2000</li>=20
- Microsoft Word 2002</li>=20
- Microsoft Works Suite 2001</li>
- Microsoft Works Suite 2002</li>
- Microsoft Works Suite 2003</li>

Technical description:=20

A macro is a series of commands and instructions that can be grouped =
together as a single command to accomplish a task automatically. =
Microsoft Word supports the use of macros to allow the automation of =
commonly performed tasks. Since macros are executable code it is =
possible to misuse them, so Microsoft Word has a security model designed =
to validate whether a macro should be allowed to execute depending on =
the level of macro security the user has chosen.

A vulnerability exists because it is possible for an attacker to craft a =
malicious document that will bypass the macro security model. If the =
document was opened, this flaw could allow a malicious macro embedded in =
the document to be executed automatically, regardless of the level at =
which macro security is set. The malicious macro could take the same =
actions that the user had permissions to carry out, such as adding, =
changing or deleting data or files, communicating with a web site or =
formatting the hard drive.=20

The vulnerability could only be exploited by an attacker who persuaded a =
user to open a malicious document -there is no way for an attacker to =
force a malicious document to be opened.

Mitigating factors:
- The user must open the malicious document for an attacker to be =
successful. An attacker cannot force the document to be opened =
automatically.
- The vulnerability cannot be exploited automatically through e-mail. A =
user must open an attachment sent in e-mail for an e-mail borne attack =
to be successful.
- By default, Outlook 2002 block programmatic access to the Address =
Book. In addition, Outlook 98 and 2000 block programmatic access to the =
Outlook Address Book if the Outlook Email Security Update has been =
installed. Customers who use any of these products would not be at risk =
of propagating an e-mail borne attack that attempted to exploit this =
vulnerability.
- The vulnerability only affects Microsoft Word - other members of the =
Office product family are not affected.

Vulnerability identifier:  CAN-2003-0664



This email is sent to NTBugtraq automatically as a service to my =
subscribers. (v1.18)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Whatever Happened to Octopus?

LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
replication performance that's 5X faster than the competition in an
independent head-to-head test. Learn how RepliStor uses patented,
asynchronous, real-time replication, to deliver disaster recovery, data
distribution and consolidated backups. It is the first replication solution
to achieve Windows 2003 certification. Get the performance report now.

http://portal1.legato.com/products/replistor/upgrade.cfm

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo