SecureMac.com

Microsoft Security Bulletin MS01-028
RTF document linked to template can run macros without warning
Vendor: Microsoft



Security Bulletin Issued by Microsoft May 21, 2001

The following is the list of vulnerable products:
        Microsoft Word 98 for the Mac
        Microsoft Word 2001 for the Mac

Summary:
When Microsoft Word opens an RTF (Rich Text Format) file that contains a link to a template, only the RTF file is checked for macros. If a macro is embedded in the template file that was opened through the link in the RTF file, an attacker could set the macro to run automatically and execute commands without your authorization, and without you even knowing it.

Macros can run any command that the user would be able to run, from pasting text that says "j00 are 0wn3d" 3000 times to modifying the user's security preferences in Word so that future documents aren't checked for macros!
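A triage check for the condition described above, as an added example rather than code from SecureMac or Microsoft: it lists every template an RTF file links to, so the template itself can be scanned for macros. It assumes the link is stored in the RTF `{\*\template ...}` destination; the sample documents, host names and paths are constructed.

```python
import re

# RTF stores the attached template in the {\*\template <target>} destination.
TEMPLATE_RE = re.compile(rb"\{\s*\\\*\s*\\template\b\s*([^{}]*)\}")
# RTF escapes inside the target: \\ is a literal backslash, \'hh is a hex byte.
ESCAPE_RE = re.compile(r"\\(?:'([0-9a-fA-F]{2})|(\\))")
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def _unescape(raw: bytes) -> str:
    """Decode the destination text; RTF ignores CR/LF inside it."""
    text = raw.decode("latin-1").replace("\r", "").replace("\n", "")
    return ESCAPE_RE.sub(
        lambda m: chr(int(m.group(1), 16)) if m.group(1) else "\\", text
    ).strip()


def classify(target: str) -> str:
    """Say where the template lives, so the reviewer knows where to fetch it."""
    if URL_RE.match(target):
        return "remote-url"
    if target.startswith("\\\\"):
        return "unc-share"
    return "local-path"


def scan_rtf(data: bytes) -> list:
    """Return (target, location) for every template link found in the RTF bytes."""
    targets = (_unescape(m.group(1)) for m in TEMPLATE_RE.finditer(data))
    return [(t, classify(t)) for t in targets if t]


# Constructed sample documents (not taken from the bulletin).
SAMPLE_UNC = rb"{\rtf1\ansi{\*\template \\\\fileserver.example\\share\\report.dot}\pard Q3 report\par}"
SAMPLE_MAC = rb"{\rtf1\mac{\*\template Macintosh HD:Templates:Report.dot}\pard Q3 report\par}"
SAMPLE_CLEAN = rb"{\rtf1\ansi\pard Plain memo with no template\par}"

if __name__ == "__main__":
    for name, doc in [("unc", SAMPLE_UNC), ("mac", SAMPLE_MAC), ("clean", SAMPLE_CLEAN)]:
        hits = scan_rtf(doc)
        print(name, hits if hits else "no linked template")
```

Any hit means the macro check has to be repeated on the template the link points to, since on unpatched Word only the RTF file itself is checked.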

Patches/Fixes

        Microsoft Word 98 for the Mac:
                English Download BinHqx Format
                Japanese Download BinHqx Format
        Microsoft Word 2001 for the Mac:
                Office 2001 for Mac Service Release 1


For more instructions about the Mac OS versions of this security flaw, visit Microsoft's website.

Facts About This Vulnerability:
From the Microsoft Security Bulletin

  • The vulnerability only affects Word. Other Office products are not affected.
  • The vulnerability does not occur when opening Word documents, only when opening RTF documents, and even then only when the RTF document is linked to a template.


What Is a Template:
From the Microsoft Security Bulletin

A template can be thought of as a skeleton document. For instance, a template of a research paper might define the needed styles, include pre-built headers and footers, and include any required boilerplate text. When a user needs to create a new research paper, she could use the template as a foundation upon which to develop her actual paper.

What Could the Macro Do?
From the Microsoft Security Bulletin

The macro would be able to take any action that the user herself could take on her machine. This would include adding, changing or deleting files, communicating with a web site, reformatting the hard drive, and so forth.

It’s worth noting that a macro also could change the user’s security setting. This could include disabling macro protection. As a result, if the user were attacked via this vulnerability, one of the outcomes could be that the user’s security settings would be reduced, and other macros that normally would be stopped by Word would now be able to run.


    *from the Microsoft Document Mentioned and Linked to Above



    All material (c) 2011 SecureMac.com and respected owners