News

New Holes Discovered In Office 97 Apps

Recently, two security vulnerabilities were discovered in Microsoft Word 97 and Microsoft Forms version 2.0 ActiveX Control, a Visual Basic for Applications (VBA) component of Office 97 and other VBA apps. The Redmond, Wash.-based company has been forthcoming in not only announcing the potential holes but patching them up.

Microsoft reports the vulnerabilities could be used by crackers to run malicious code on a user's machine without warning. The patch for the Word hole is on the company's Web site as is the one for Microsoft Forms.

Word 97 warns users when opening a document that contains macros, but Microsoft says that if that document does not contain macros but is linked to a template that does, no warning is issued. The company says a cracker could exploit this vulnerability by causing malicious code to be run without warning when a user opens a Word document attached to e-mail or on a Web-site. After installing Microsoft's patch, users will be warned before they launch a template that contains macros on templates.

A cracker could also use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a Web site set up by the cracker or opens an HTML-based e-mail created by a cracker. The patch prevents a cracker from exploiting the identified vulnerability, while not losing functionality of the Forms 2.0 Control.

In early December, Microsoft discovered similar vulnerabilities in Excel 97 that allowed crackers to exploit a user's desktop through simple HTML. Just like now, Microsoft sent out mass e-mails, informed the Computer Emergency Response Team (CERT) and posted a patch on its Web site. -- Brian Ploskina, Assistant Editor

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

  • Datacenters in Space: OrbitsEdge Partners with HPE

    A Florida-based startup is partnering with Hewlett Packard Enterprise in a deal that gives new meaning to the "edge" in edge computing.

  • Windows 10 Hyper-V vs. Windows Server Hyper-V: Which Platform for Which Workloads?

    The differences between these two Hyper-V versions are pretty significant, depending on what you plan to use them for. Here's a quick rundown of each platform, from their features to licensing quirks to intended use cases.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.