word macro exploits

From: Franklin DeMatto (franklin.listsat_private)
Date: Mon Oct 15 2001 - 22:58:09 PDT


    Recently, there's been some discussion of getting macros to execute in MS 
    Word files.
    
    Basically, Word macro protection works like this: When the doc is opened, 
    Word scans it for macros.  If it doesn't find any, it opens the doc 
    normally.  So, if you can hide the macro, so that the scanner does not find 
    it, then it will still execute.
    
    I know of two ways to do this:
    
    1) link from an rtf
    2) warp the .doc so the scanner in Word does not pick up on the macros 
    (this is in bugtraq)
    
    Now, as for my questions:
    1) The Microsoft FAQ on this vulnerability says you can link an rtf to a 
    template over http.
    In other words, even if the template isn't local, as long as it is 
    retrievable via http, it can be linked to.
    I have looked extensively at Word 97 and Word 2000, and have found no way 
    to do this.  Is Microsoft *exaggerating* the extent of the vulnerability 
    (horrors!) ?
    
    2) Does anyone know how to warp it?  No samples have been made available.
    
    
    
    
    Franklin DeMatto
    Senior Analyst, qDefense Penetration Testing
    http://qDefense.com
    qDefense: Making Security Accessible
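
The scan-then-open gate described in the message, shown from the defender's side as an added example (not code from the post or from Microsoft): a Python check that walks an OLE2 compound file's directory and reports whether it holds the storages Word 97/2000 uses for VBA. The storage names, the header-only DIFAT handling and `build_sample` (a constructed test file) are assumptions of this example.

```python
import struct

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
FREESECT, ENDOFCHAIN = 0xFFFFFFFF, 0xFFFFFFFE
MACRO_NAMES = {"macros", "vba", "_vba_project"}  # assumed Word 97/2000 VBA entries

def directory_names(data):
    """Names of all directory entries in an OLE2 file (header DIFAT only)."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE2 compound file")
    shift = struct.unpack_from("<H", data, 30)[0]
    if shift not in (9, 12):
        raise ValueError("invalid sector shift")
    size = 1 << shift
    def sector(n):
        chunk = data[(n + 1) * size:(n + 2) * size]
        if len(chunk) != size:
            raise ValueError("sector %d lies outside the file" % n)
        return chunk
    fat = []
    for n in struct.unpack_from("<109I", data, 76):  # FAT sectors listed in header
        if n != FREESECT:
            fat.extend(struct.unpack("<%dI" % (size // 4), sector(n)))
    names, seen, sec = [], set(), struct.unpack_from("<I", data, 48)[0]
    while sec < len(fat) and sec not in seen:  # stop at ENDOFCHAIN or a loop
        seen.add(sec)
        block = sector(sec)
        for off in range(0, size, 128):  # 128-byte directory entries
            nlen, etype = struct.unpack_from("<HB", block, off + 64)
            if etype and 2 <= nlen <= 64:  # skip unused entries
                names.append(block[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sec = fat[sec]
    return names

def has_macro_storage(data):
    return any(n.lower() in MACRO_NAMES for n in directory_names(data))

def build_sample(names):
    """Constructed test input: header, one FAT sector, one directory sector."""
    hdr = bytearray(OLE_MAGIC.ljust(512, b"\0"))
    struct.pack_into("<HHHH", hdr, 24, 0x3E, 3, 0xFFFE, 9)  # versions, byte order, shift
    struct.pack_into("<II", hdr, 44, 1, 1)  # one FAT sector; directory at sector 1
    struct.pack_into("<109I", hdr, 76, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *([FREESECT] * 126))
    entries = b""
    for i, name in enumerate(names):  # at most 4 names fit; entry types simplified
        raw = (name + "\0").encode("utf-16-le")
        entries += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), 5 if i == 0 else 1) + bytes(61)
    return bytes(hdr) + fat + entries.ljust(512, b"\0")
```

A check like this only sees macros stored in the file it parses, and it raises `ValueError` on an RTF, so a template linked from an RTF (the first method the message lists) is outside what it inspects.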
    


