Office 97 still hackable


Microsoft has announced ù and filled ù two more holes in Office 97.

The first is a gap in Word's macro execution security. Normally, when you open a Word document that contains macros, the program warns you of their presence and gives you the option of disabling the macros. Unfortunately, if the document contains no macros but is linked to a template file that does, Word simply skips the warning and runs the template file's macros willy-nilly. Someone who wants to exploit this lapse could create nasty files, links, and macros and attach them to an e-mail message or Web page (something Microsoft says no one has done yet). To protect your system, download and install the 96KB Word 97 Template Security Patch from officeupdate.microsoft.com/downloaddetails/wd97sp.htm.

A second security hole seems less critical. Office 97 and several other Microsoft applications come with an ActiveX control called Forms 2.0 Control that lets you create custom dialogue boxes in your applications. Due to a flaw, the control also allows hackers to read the contents of your Windows Clipboard. You can download a 658KB patch at officeupdate.microsoft.com/downloaddetails/fm2paste.htm. (Both patches are on this month's cover CD.)

- Scott Spanbauer


Category: Bugs and fixes
Issue: May 1999

These Web pages are produced by Australian PC World © 1999 IDG Communications