Jul 25, 2013 Freebies on Friday! Editable, printable bulletin board borders! Paste the image in Microsoft Word. However, if you need to create one offline, using Microsoft Word is one of the most common solutions. Word has a very simple interface, tools and a collection of templates that will make everything very easy to understand, even if you've never used the software before. Follow these few steps to make your poster in minutes. Security Bulletin Microsoft Security Bulletin MS01-028 - Critical RTF document linked to template can run macros without warning Published: May 21, 2001| Updated: July 24, 2003 Version: 1.4 Originally posted: May 21, 2001 Updated: July 24, 2003 Summary Who should read this bulletin: Customers using Microsoft速 Word for Windows or Microsoft Word for the Mac Impact of vulnerability: Run macros without warning Recommendation: Customers using affected versions of Word should apply the patch immediately. Affected Software: • Microsoft Word 97 • Microsoft Word 2000 • Microsoft Word 98 (J) • Microsoft Word 98 for the Mac • Microsoft Word 2001 for the Mac Note: Microsoft Word 2002 is not affected by this vulnerability. General Information Technical details Technical description: Word, like other members of the Office product family, provides a security mechanism that requires user's approval to run macros. By design, anytime a document is opened the user would be notified if the document contains macros. In addition, this mechanism checks secondary documents that the original document links to, such as templates, and warn if any of those contain macros. This feature works by scanning the document or template for the presence of macros, alerting the user of their presence, and then asking the user if he wants to allow the macros to run. By embedding a macro in a template, and providing another user with an RTF document that links to it, an attacker could cause a macro to run automatically when the RTF document was opened. The macro would be able to take any action that the user herself could take. This could include disabling the user's Word security settings so that subsequently-opened Word documents would no longer be checked for macros. Mitigating factors: • The vulnerability only affects Word. Other Office products are not affected. • The vulnerability does not occur when opening Word documents, only when opening RTF documents, and even then only when the RTF document is linked to a template. Vulnerability identifier: Tested Versions: Microsoft tested Word 2000, Word 97, Word 98 (J), and Word 98/Word 2001 for the Mac to assess whether they are affected by this vulnerability. Microsoft Word 2002 will not be affected by this vulnerability. Previous versions are no longer supported and may or may not be affected by this vulnerability. Frequently asked questions What's the scope of the vulnerability? This vulnerability could enable an attacker to create a document that, when opened in Word, would run a macro without asking for the user's permission. Macros are able to take any action the user is capable of taking, and as a result this vulnerability could give an attacker an opportunity to take actions such as changing data, communicating with web sites, reformatting the hard drive or changing the Word security settings. ![]() The vulnerability only affects Word - other members of the Office product family are not affected - and only when Rich Text Format documents are open. The vulnerability does not exist when opening Word documents. ![]() ![]() ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2018
Categories |