Reported June 19, 2002, by Microsoft.

VERSIONS AFFECTED

·         Microsoft Excel 2002 for Windows

·         Microsoft Excel 2000 for Windows

·         Microsoft Office XP for Windows

·         Microsoft Office 2000 for Windows

·         Microsoft Word 2002 for Windows

DESCRIPTION

Multiple vulnerabilities exist in Excel 2000, Excel 2002, and Word 2002 for Windows (and therefore in Office 2000 and Office XP). All of them let an attacker's code run on the vulnerable system when the user opens an attacker-supplied file: macro code in three cases, HTML script in the fourth. The four newly discovered vulnerabilities are:

·         An Excel macro execution vulnerability that relates to how Excel handles inline macros associated with objects. This vulnerability can let a macro execute and bypass the Macro Security Model when an affected user clicks an object in a workbook.

·         An Excel macro execution vulnerability that relates to how Excel handles macros in workbooks opened through a hyperlink on a drawing shape. An attacker can cause the macros in a workbook opened this way to run automatically.

·         An HTML script execution vulnerability that can occur when a user opens an Excel workbook that has an XSL stylesheet containing HTML script. The script in the XSL stylesheet runs in the Local Computer zone, which is the least restricted of the security zones.

·         A new variant of the Word Mail Merge vulnerability first addressed in Security Bulletin MS00-071 (Patch Available for "Word Mail Merge" Vulnerability). This new variant lets an attacker's macro code run automatically if the affected user has Access installed on the system and chooses to open an attacker-supplied mail-merge document that was saved in HTML format.
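
Of the four items, the XSL stylesheet vector lends itself to a file-level check before a workbook reaches a user. The scanner below is an added example, not code from this advisory or from Microsoft. It assumes the workbook is in Excel's XML Spreadsheet format with the stylesheet attached through an <?xml-stylesheet?> processing instruction, that the referenced stylesheets are available (passed in here as strings standing in for files next to the workbook), and that script reaches the user as a literal <script> element, an msxsl:script extension element, an on* event-handler attribute, or a javascript: URL. The sample workbook and stylesheets are constructed for the example.

```python
"""Flag XSL stylesheets attached to an XML Spreadsheet workbook that carry script.

Added example for the HTML script execution item above; not code from the
advisory or from Microsoft. Assumptions: the workbook is in Excel's XML
Spreadsheet format, the stylesheet is attached with an <?xml-stylesheet?>
processing instruction, and stylesheets are handed in as strings (stand-ins
for files that would sit next to the workbook on disk).
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Namespaces in which a <script> element is executable once the transformed
# output is rendered (assumed list: the MSXML extension namespace, XHTML, and
# no namespace at all for a plain HTML literal result element).
SCRIPT_NAMESPACES = {
    "urn:schemas-microsoft-com:xslt",   # msxsl:script
    "http://www.w3.org/1999/xhtml",     # XHTML <script>
    "",                                 # un-namespaced <script>
}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
PI_RE = re.compile(rb"<\?xml-stylesheet\s+([^?]*)\?>")
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""")


def stylesheet_hrefs(workbook_xml: bytes) -> List[str]:
    """Return the href of every xml-stylesheet processing instruction, in order."""
    hrefs = []
    for pi in PI_RE.finditer(workbook_xml):
        attrs = pi.group(1).decode("utf-8", "replace")
        match = HREF_RE.search(attrs)
        if match:
            hrefs.append(match.group(1))
    return hrefs


def split_tag(tag: str) -> Tuple[str, str]:
    """Split ElementTree's '{ns}local' form into (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def stylesheet_findings(xsl_text: str) -> List[str]:
    """Describe each script-bearing construct found in one XSL stylesheet."""
    findings = []
    for el in ET.fromstring(xsl_text).iter():
        ns, local = split_tag(el.tag)
        if local.lower() == "script" and ns in SCRIPT_NAMESPACES:
            findings.append(f"<script> element in namespace {ns or '(none)'}")
        for attr, value in el.attrib.items():
            _, name = split_tag(attr)
            if EVENT_ATTR.match(name):
                findings.append(f"event handler {name} on <{local}>")
            elif value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {name} on <{local}>")
    return findings


def scan_workbook(workbook_xml: bytes, stylesheets: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each referenced stylesheet to its findings; a missing stylesheet is a finding too."""
    report = {}
    for href in stylesheet_hrefs(workbook_xml):
        if href not in stylesheets:
            report[href] = ["referenced stylesheet not found next to workbook"]
        else:
            report[href] = stylesheet_findings(stylesheets[href])
    return report


# Constructed sample input (not a real file): a one-cell workbook that asks
# for report.xsl, plus a benign and a script-carrying stylesheet.
SAMPLE_WORKBOOK = b"""<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="report.xsl"?>
<Workbook xmlns="urn:schemas-microsoft-com:office:spreadsheet"
          xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet">
 <Worksheet ss:Name="Sheet1">
  <Table><Row><Cell><Data ss:Type="String">hello</Data></Cell></Row></Table>
 </Worksheet>
</Workbook>
"""

BENIGN_XSL = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
 <xsl:template match="/"><html><body><xsl:value-of select="//Data"/></body></html></xsl:template>
</xsl:stylesheet>"""

SCRIPTED_XSL = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                xmlns:msxsl="urn:schemas-microsoft-com:xslt">
 <msxsl:script language="JScript" implements-prefix="u">function f() { return 1; }</msxsl:script>
 <xsl:template match="/">
  <html><body onload="f()"><script>alert(1)</script></body></html>
 </xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for name, sheet in (("benign", BENIGN_XSL), ("scripted", SCRIPTED_XSL)):
        print(name, scan_workbook(SAMPLE_WORKBOOK, {"report.xsl": sheet}))
```

Treat a hit as grounds to quarantine the workbook and its stylesheet for review rather than as proof of an attack: legitimate stylesheets that use msxsl:script for formatting will match as well. Workbooks in Excel's binary .xls format are outside the scope of this check.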

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-031 (Cumulative Patches for Excel and Word for Windows) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch named in the bulletin. The patches are cumulative: each one also includes the fixes for all previously discovered vulnerabilities in the product it covers, so only the latest patch for each product needs to be applied.

CREDIT

Discovered by the dH team, Darryl Higa, and SECURITY.NNOV.