Whats wrong with the way Microsoft Word checks macro security?
There is a flaw in the way that Word assesses macro security when a document is opened that could allow the macro security checks to be bypassed under certain circumstances. What could this vulnerability enable an attacker to do? This vulnerability could enable an attacker to create a malicious document that could allow a macro to run automatically, if an attacker persuaded a user to open the specially-crafted document. This could allow an attacker to take any action on the system that the user can take, including adding, changing, or deleting data, running other programs, or formatting the hard disk. What could the macro do? The macro could take any action that the user can take. This would include adding, changing, or deleting files, communicating with a Web site, reformatting the hard disk, and so forth. A macro also could change the user’s macro security level. This could include disabling macro protection. As a result, if the user were attacked by means of this vulnerability, the
