[11181] in bugtraq
Re: word 97 macrovirus protection problem
daemon@ATHENA.MIT.EDU (Nick FitzGerald)
Thu Jul 29 16:22:18 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id: <199907290211.WAA16224@hpdmraaa.compuserve.com>
Date: Thu, 29 Jul 1999 14:03:53 +1200
Reply-To: nick@virus-l.demon.co.uk
From: Nick FitzGerald <nick@VIRUS-L.DEMON.CO.UK>
X-To: BUGTRAQ@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199907280909.MAA02499@www.usis.bkc.lv>
> I have not checked this with Word '97, but I know that MS Word 6.0
> has a macro checker template downloadable from Microsoft web site,
> which basically does the same thing as the Word '97 macro
> protection feature. I noted that the Word 6.0 template did not
That is a "generous" evaluation, to say the least. There are many
more weaknesses in that approach than in the Word 97 one.
> check files opened via recent files menu, i.e. via File | 1 or 2
> etc. Maybe Word'97 feature has the same shortcomings.
No -- Word 97 "correctly" checks files opened via the Word MRU and
via the OS MRU (the "Documents" entry on the Start menu). Correctly,
that is, within Word's own limitations of what files it elects to
ignore warning of macro content. Word 97 will not warn you of macros
in files in the user and workgroup template, and Startup, folders.
There may be others...
Word will also not warn you that you are attaching a template
containing macros -- I had a bizarre discussion with a programmer on
the Office 2K team about why this could be a problem. He eventually
saw my point after realizing that macro viruses can (and do) use
other than the AutoExec macro (which is not run when attaching a
template).
Regards,
Nick FitzGerald
