Reported May 21, 2001, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Word 97, 98(J) and 2000

DESCRIPTION
By embedding a macro into a template and providing another user with a Rich Text Format (RTF) document that links to the template, an attacker can cause macros to run automatically when the user opens the RTF document. The macro can take any action that the user can take (e.g., disabling the user's Word security settings, so that in subsequently opened Word documents, Word no longer checks for macros).

 

VENDOR RESPONSE

The vendor, Microsoft has acknowledged this vulnerability and recommends that users immediately apply the patch contained in Security Bulletin MS01-028.

 

CREDIT
Discovered by Microsoft.