Malicious Microsoft Excel or PowerPoint documents bypass Microsoft's macro security features!
This question was answered on November 2, 2001. Much of the information contained herein may have changed since posting.
Unauthorized macro files, potentially containing malicious code, can run without warning, successfully bypassing Microsoft's security features Attacker could run arbitrary code with user privileges in the following programs:
Microsoft Excel 97 for Windows
Microsoft Excel 98 for Macintosh
Microsoft Excel 2000 for Windows
Microsoft Excel 2001 for Macintosh
Microsoft Excel 2002 for Windows
Microsoft PowerPoint 97 for Windows
Microsoft PowerPoint 98 for Macintosh
Microsoft PowerPoint 2000 for Windows
Microsoft PowerPoint 2001 for Macintosh
Microsoft PowerPoint 2002 for Windows
All versions of these individual products bundled in Microsoft Office Suites
Microsoft Office applications, 2000 versions and later, have three security settings for macros The "Low" setting allows all macros to run Setting the security to "Medium" displays a warning window stating the dangers of opening documents containing Macros This pop-up allows the user to make the decision whether to enable or disable the macro Under the "High" setting, unsigned macros are disabled automatically Microsoft Office applications prior to the 2000 version had much simpler macro security models.
It has been discovered that by specifically modifying the data stream in a document file containing a macro, the Microsoft Office security settings for macros are completely bypassed in all versions of Microsoft PowerPoint and Excel products.
Microsoft has posted patches for the currently supported versions of the above listed programs at:<a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-050.asp" target="_blank"><font color="#003399">>http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-050.asp</b></font></a>
NOTE: Microsoft no longer supports Office applications prior to version 2000 for Windows and 98 for Macintosh so you must upgrade in order to protect yourself from this vulnerability.
About the author
Posted by Ken Colburn of Data Doctors on November 2, 2001