Title: Microsoft Excel and PowerPoint Macro Security Bypass Vulnerability
Severity: MODERATE
Description:
Microsoft Excel and PowerPoint contain a macro security feature. This feature scans a document when a user opens it to determine if there are any embedded macros. Then, depending on the security setting, the user is prompted whether or not to allow the macro to run, or the macro is bypassed automatically.
A malformed Excel or PowerPoint document could potentially bypass this macro security feature, allowing the macro code to be executed without the user's knowledge. This could allow an attacker to embed malicious code within the malformed macro and having it execute on the target host. This code would run with the permissions of the user currently logged in.
The malformed document containing the macro must still be opened by the user in order for the macro to execute.
Affected Products:
- Microsoft Excel 2000
- Microsoft Excel 2001 for Mac
- Microsoft Excel 2002
- Microsoft Excel 98 for Mac 0.0.0
- Microsoft Office 2000
- Microsoft Office 2001 For Macintosh
- Microsoft Office 2001 For Macintosh SR1
- Microsoft Office XP
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2001 for Mac 0.0.0
- Microsoft PowerPoint 2002
- Microsoft PowerPoint 98 for Mac 0.0.0
References:
- Microsoft: Microsoft Security Bulletin MS01-050
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
