Information Security News mailing list archives

Microsoft warns of PowerPoint, Excel vulnerabilities


From: InfoSec News <isn () c4i org>
Date: Mon, 8 Oct 2001 03:10:10 -0500 (CDT)

http://www.computerworld.com/storyba/0,4125,NAV47_STO64507,00.html

By JAIKUMAR VIJAYAN 
October 05, 2001

Microsoft Corp. is warning users of a security hole in its popular
Excel and PowerPoint software that could let malicious attackers take
control of a victim's computer.

The vulnerability affects Microsoft Excel 2000 and 2002 for Windows
and PowerPoint 2000 and 2002 for Windows, as well as various versions
of the software for the Macintosh platform, according to a Microsoft
advisory posted Thursday.

Patches for the affected software are available immediately and should
be applied as soon as possible, Microsoft said in its advisory.

The vulnerability exists in the way macros are detected in PowerPoint
and Excel documents, according to the company.

Macros are basically small pieces of code in applications such as
PowerPoint and Excel that automate certain tasks, such as finding and
replacing text, on behalf of the user.

In the past, attackers have created malicious macros capable of
deleting or changing files or moving them to different locations, and
have hidden the code in PowerPoint and Excel documents.

To deal with this threat, Microsoft has for some time included
functionality in both applications that scans for the presence of
macros in all PowerPoint and Excel documents. The feature alerts users
if a macro is detected, allowing the user to decide whether to permit
the macro to be executed.

The vulnerability allows users to create PowerPoint and Excel
documents that skirt this protection and allow macros to execute
automatically without user permission, said Motoaki Yamamura, a senior
development manager with Cupertino, Calif.-based Symantec Corp.'s
security response team.

As a result, a cracker could create and send PowerPoint and Excel
documents which, when opened, would cause malicious code to run in the
background without the victim's knowledge.

Because users aren't alerted to the presence of a macro in such
malformed documents, "They might feel secure, when in reality they are
not," Yamamura said.

It would require an attacker with a good understanding of the software
and how Microsoft file formats are structured to exploit the hole,
Yamamura said.

The vulnerability was first brought to Microsoft's notice about two
months ago by Symantec.

News of the latest hole comes, ironically enough, one day after
Microsoft rolled out a companywide program called Strategic Technology
Protection Program, which is aimed at making it easier for
corporations to secure their Windows environments.


