Vulnerability

    Word

Affected

    Word

Description

    Steven McLeod  found following.   When you  open a  Microsoft Word
    document which contains macros, the default security level  causes
    MS Word to  pop up a  message box stating  "This document contains
    macros, which could  be a virus"  and allows the  user to "Disable
    macros" or "Enable macros".

    Alternatively, if  the user's  macro security  is set  to the most
    secure  setting  (requiring  macros  to  be  signed) all untrusted
    macros will automatically be stripped out from the document.

    This macro security feature of MS Word (in Office 2000 and  Office
    97) can be  trivially bypassed by  a malicious document,  allowing
    macro code in the document to  be run when the document is  opened
    without prompting  the user  or notifying  them that  the document
    contains macros.  Furthermore, the macro will be run without  user
    knowledge even if  the user's security  setting is at  the highest
    setting (automatically strip out untrusted macros).

Solution

    Take a look at:

        http://www.microsoft.com/technet/security/bulletin/MS01-034.asp