-Caveat Lector-
-------- forwarded messages --------
From: Bill Perkins <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Thu, 28 Jan 1999
Subject: APPs: Word97 Macro Nightmare
Fellow Listmembers:
I felt that this is definitely worth sharing:
(from an informative newsletter that I receive weekly)
-----Quote begins--->
Patch for a serious security bug in Microsoft Word 97
http://www.microsoft.com/security/bulletins/ms99-002.asp
Here is the stuff MSFT won't tell you about this bug: If you
have Office installed, and you use Internet Explorer to view
an infected Web page, that page -- without your knowledge, or
any action on your part -- can wreak havoc on your system.
It can drop a virus, delete a folder, scramble data, send
your tax files to Timbuktu... anything. Similarly, if you
use Outlook 98 or later to view an infected HTML message,
that message -- with no action on your part - can do anything
to your system. (This is one MORE reason to install windows
WITHOUT IE !) --Terry Blount
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Fred Langa" <[EMAIL PROTECTED]>
Date: Mon, 25 Jan 1999
Subj: 1-25-99 LangaList
If it's not One Bug...
Microsoft released this note about a Word 97 security glitch
this week:
"The Word 97 Template Security Patch addresses a
vulnerability that allows malicious code to be run without
warning when a user opens a Word 97 document. Currently, when
you open a Word document that contains macros, you receive a
warning message asking whether or not you want to enable the
macros. However, if a document that doesn't contain macros is
linked to a template that contains macros, you do not receive
a warning message. A hacker could exploit this vulnerability
by causing malicious code to be run without warning when a
user visits a Web site or opens a Word document attached to
an e-mail message. This malicious code could be used to
damage data on a user's system."
Note that this only affects Word 97.
Microsoft has released a patch that plugs the security hole
while allowing normal use of macros and templates. If you're
running Word97, grab the patch at:
http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm
-----------------------
...It's Another
Are you running
Microsoft Office 97
Microsoft Outlook 98
Microsoft Project 98
Microsoft Visual Basic 5.0
Any third-party product that includes Visual Basic for
applications 5.0?
If so, you also have a security hole.
You can tell if you're affected by going to your
\Windows\System; see if you have the file Fm20.dll there.
If you do, right click on it and check the properties.
If the file date of your FM20.dll file is earlier than
January 11, 1999 you need an updated version. With the older
versions, a malicious programmer can use a security hole in
the DLL to read information stored in your clipboard.
You can get the update at:
http://officeupdate.microsoft.com/downloadDetails/fm2paste.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For those of you who'd like to subscribe to the MS Security Bulletin
go to <http://www.microsoft.com/security/services/subscribe.asp> and
click on the mailto.
They have two new patches available regarding these two new problems:
MS99-002: Patch Available for "Word 97 Template" Vulnerability.
(January 21, 1999)
MS99-001: Patch Available for exposure in Forms 2.0 TextBox Control
that allows data to be read from user's Clipboard. (January 21, 1999)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance�not soapboxing! These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html
http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
