Data Doctors
Recycle your Computers & Technology with us.

Macro vulnerability found in Microsoft Excel and PowerPoint!

Posted By : of Data Doctors on November 2, 2001

Follow us on Facebook   Follow us on Twitter   Follow us on LinkedIn

Let Data Doctors be your personal IT department today

Book an Appointment

Malicious Microsoft Excel or PowerPoint documents bypass Microsoft's macro security features!

This question was answered on November 2, 2001. Much of the information contained herein may have changed since posting.

Unauthorized macro files, potentially containing malicious code, can run without warning, successfully bypassing Microsoft's security features Attacker could run arbitrary code with user privileges in the following programs:

Microsoft Excel 97 for Windows

Microsoft Excel 98 for Macintosh

Microsoft Excel 2000 for Windows

Microsoft Excel 2001 for Macintosh

Microsoft Excel 2002 for Windows

Microsoft PowerPoint 97 for Windows

Microsoft PowerPoint 98 for Macintosh

Microsoft PowerPoint 2000 for Windows

Microsoft PowerPoint 2001 for Macintosh

Microsoft PowerPoint 2002 for Windows

All versions of these individual products bundled in Microsoft Office Suites

Microsoft Office applications, 2000 versions and later, have three security settings for macros The "Low" setting allows all macros to run Setting the security to "Medium" displays a warning window stating the dangers of opening documents containing Macros This pop-up allows the user to make the decision whether to enable or disable the macro Under the "High" setting, unsigned macros are disabled automatically Microsoft Office applications prior to the 2000 version had much simpler macro security models.

It has been discovered that by specifically modifying the data stream in a document file containing a macro, the Microsoft Office security settings for macros are completely bypassed in all versions of Microsoft PowerPoint and Excel products.

Microsoft has posted patches for the currently supported versions of the above listed programs at:<a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-050.asp" target="_blank"><font color="#003399">>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-050.asp</b></font></a>

NOTE: Microsoft no longer supports Office applications prior to version 2000 for Windows and 98 for Macintosh so you must upgrade in order to protect yourself from this vulnerability.

About the author

Posted by of Data Doctors on November 2, 2001

Need Help with this Issue?

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!

Free Help

Articles & Advice

Video News

Newsletter

Approved Software

Ask a Question
Call the Repair Hotline at

855-328-2362

Newsletter

Sign up for our newsletter and get free tips and tricks to keep your computer running great!

Start by entering your
Videos In the Press
Videos In the Press
Radio Tech Tips
Radio Tech Tips

For non-tech people, find tips from us on a station nearby!

Categories
Bugs

Data Doctors
Newsletter

Subscribe Today

Customer Support Customer Support

Our customers are the most important part of our business and we empower our friendly, trained staff to spoil you. In addition, we have a dedicated Customer Support team standing by to help when needed.

If you're not satisfied, we're not done! We guarantee satisfaction.

365 Day Warranty 365 Day Warranty

We provide a 1 year warranty on new parts and computers we sell. We'll quickly diagnose and replace defective parts used during the original repair. Please keep in mind that this warranty does not cover damage you cause (such as broken screens) or water damage done to your device after the initial repair. Refurbished parts generally carry a 90 day warranty.

Satisfaction Guarantee Satisfaction Guarantee

We've been helping people with technology for nearly 30 years. We were fixing computers when break dancing was cool! We spend time with you at check-out to make sure it's exactly the way you want. Data Doctors sets the gold standard when it comes to customer satisfaction. That's why we've received more awards for customer service and satisfaction than anyone else in the business.

Book Appointment