Bugtraq mailing list archives

(New ?) Macro security hole in Word 97

From: Bongard.Dominique () PMINTL CH (Bongard, Dominique)
Date: Fri, 21 Jul 2000 09:46:45 +0200


Hi,

I find something very annoying yesterday, and I found no reference about it
on security lists. So I will share it here.

System used: NT4.0, word97
Temp directory: C:\temp

What I did is create a word document with an AutoOpen macro.
I then saved the file in the temp and renammed it in :

C:\temp\Auto_Recovery_Of_something.asd

I then closed the session.

When the next user on my station opened word, the file was automatically
opened, and the macro executed without asking for any confirmation.

Has anyone ever heard of this one ?

Dominique Bongard

----------------------------------------------------------
"They that can give up liberty to obtain a little temporary safety deserve
neither liberty or safety" Benjamin Franklin

Current thread:

[COVERT-2000-08] O'Reilly WebSite Professional Overflow, (continued)
- - - [COVERT-2000-08] O'Reilly WebSite Professional Overflow COVERT Labs (Jul 19)
    - Security Fix for Blackboard CourseInfo 4.0 aleph1 () securityfocus com (Jul 19)
    - [TL-Security-Announce] wu-ftpd TLSA2000014-1 Joe Little (Jul 19)
    - @stake iKey 1000 Security Advisory Kingpin (Jul 20)
    - Re: @stake iKey 1000 Security Advisory Darren Reed (Jul 20)
    - Security Update: DoS on gpm Technical Support (Jul 20)
  - Biometrics conference Farrow, Rik (Jul 17)
  - Re: CheckPoint FW1 BUG Brian Krahmer (Jul 17)
    - Re: CheckPoint FW1 BUG Nicolas FISCHBACH (Jul 18)
    - [Paper] Format bugs. Pascal Bouchareine (Jul 18)
    - (New ?) Macro security hole in Word 97 Bongard, Dominique (Jul 21)
    - Re: (New ?) Macro security hole in Word 97 Bronek Kozicki (Jul 22)
    - Jakarta-tomcat.../admin Scott Morris (Jul 21)
    - StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 21)
    - [RHSA-2000:044-02] Updated PAM packages are available. bugzilla () REDHAT COM (Jul 21)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 21)
    - Roxen security alert: Problems with URLs containing null characters. Peter Bortas (Jul 21)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 21)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
    - Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 25)
    - Re: StackGuard with ... Re: [Paper] Format bugs. mixter (Jul 24)

(Thread continues...)