Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (New ?) Macro security hole in Word 97

From: Jimmy_Kuo () NAI COM (Kuo, Jimmy)
Date: Fri, 21 Jul 2000 16:36:14 -0700

For a little information into what .asd files are, see:

http://support.microsoft.com/support/kb/articles/Q77/5/33.ASP

Word97 will fetch .asd files from both the directory noted by your TEMP
environment variable, as well as the directory you set in Word via
Tools/Options/FileLocations/AutoRecoverFiles.

The file name quoted below is not necessary.  Only that the extension needs
to be .asd.  And such files will bypass the Macro Virus Protection checkbox
offerred by Word.

To not have auto* macros execute when this or any other DOCs are opened,
create a singular autoexec macro in a document named noauto.dot in the
STARTUP directory containing:

Public Sub MAIN()
   WordBasic.DisableAutoMacros 1
End Sub

This and many other techniques can be found in my paper, Free Macro
AntiVirus Techniques, which can be found all over the web (except at our own
website), one such location being:

http://ourworld.compuserve.com/homepages/kenbechtel/free_en.htm

Jimmy Kuo
McAfee Fellow


-----Original Message-----
From: Bongard, Dominique [SMTP:Bongard.Dominique () PMINTL CH]
Sent: Friday, July 21, 2000 12:47 AM
To:   BUGTRAQ () SECURITYFOCUS COM
Subject:      (New ?) Macro security hole in Word 97

Hi,

I find something very annoying yesterday, and I found no reference about
it
on security lists. So I will share it here.

System used: NT4.0, word97
Temp directory: C:\temp

What I did is create a word document with an AutoOpen macro.
I then saved the file in the temp and renammed it in :

C:\temp\Auto_Recovery_Of_something.asd

I then closed the session.

When the next user on my station opened word, the file was automatically
opened, and the macro executed without asking for any confirmation.

Has anyone ever heard of this one ?

Dominique Bongard


----------------------------------------------------------
"They that can give up liberty to obtain a little temporary safety deserve
neither liberty or safety" Benjamin Franklin
Previous By Date Next
Previous By Thread Next

Current thread: