Stilgar
9th October 2001, 19:26
Along the lines of the virus tips. From a CERT notifacation.
<Start>
CERT Advisory CA-2001-28 Automatic Execution of Macros
Original release date: October 08, 2001
Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
Systems running:
* Windows
+ Microsoft Excel 2000
+ Microsoft Excel 2002
+ Microsoft PowerPoint 2000
+ Microsoft PowerPoint 2002
* Macintosh
+ Microsoft Excel 98
+ Microsoft Excel 2001
+ Microsoft PowerPoint 98
+ Microsoft PowerPoint 2001
Overview
An intruder can include a specially crafted macro in a Microsoft
Excel or PowerPoint document that can avoid detection and run
automatically regardless of the security settings specified by the
user.
I. Description
Microsoft Excel and PowerPoint scan documents when they are opened
and check for the existence of macros. If the document contains
macros, the user running Excel or PowerPoint is alerted and asked
if he would like the macros to be run. However, Microsoft Excel and
PowerPoint may not detect malformed macros, so a user can
unknowingly run macros containing malicious code when opening an
Excel or PowerPoint document.
An intruder who can entice or deceive a victim into opening a
document using a vulnerable version of Excel or PowerPoint could
take any action the victim could take, including, but not limited
to
* reading, deleting, or modifying data, either locally or on open
file shares
* modifying security settings (including macro virus protection
settings)
* sending electronic mail
* posting data to or retrieving data from web sites
For more information, please see
http://securityresponse.symantec.com/avcenter/security/Content/
2001.10.04.html
http://www.microsoft.com/technet/treeview/default.asp?url=/tech
net/security/bulletin/MS01-050.asp
<Snip>
<Start>
CERT Advisory CA-2001-28 Automatic Execution of Macros
Original release date: October 08, 2001
Last revised: -- Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
Systems running:
* Windows
+ Microsoft Excel 2000
+ Microsoft Excel 2002
+ Microsoft PowerPoint 2000
+ Microsoft PowerPoint 2002
* Macintosh
+ Microsoft Excel 98
+ Microsoft Excel 2001
+ Microsoft PowerPoint 98
+ Microsoft PowerPoint 2001
Overview
An intruder can include a specially crafted macro in a Microsoft
Excel or PowerPoint document that can avoid detection and run
automatically regardless of the security settings specified by the
user.
I. Description
Microsoft Excel and PowerPoint scan documents when they are opened
and check for the existence of macros. If the document contains
macros, the user running Excel or PowerPoint is alerted and asked
if he would like the macros to be run. However, Microsoft Excel and
PowerPoint may not detect malformed macros, so a user can
unknowingly run macros containing malicious code when opening an
Excel or PowerPoint document.
An intruder who can entice or deceive a victim into opening a
document using a vulnerable version of Excel or PowerPoint could
take any action the victim could take, including, but not limited
to
* reading, deleting, or modifying data, either locally or on open
file shares
* modifying security settings (including macro virus protection
settings)
* sending electronic mail
* posting data to or retrieving data from web sites
For more information, please see
http://securityresponse.symantec.com/avcenter/security/Content/
2001.10.04.html
http://www.microsoft.com/technet/treeview/default.asp?url=/tech
net/security/bulletin/MS01-050.asp
<Snip>