CVE-1999-0354

Vulnerability

Microsoft Word 97 fails to display a security warning when a user opens a document that does not itself contain macros but is linked to a template that contains executable macros. This affects Internet Explorer 4.x or 5.x, and Outlook, when the client views a malicious email message or visits a web site controlled by an attacker. The vulnerability is present in Word 97 and is addressed by the patch referenced in MS99-002 [1].

Exploitation

An attacker can send a specially crafted Word document as an email attachment (viewed via Outlook) or host it on a web site (viewed via Internet Explorer). The document does not contain macros directly but is linked to a template that includes malicious Visual Basic macro code. When the user opens the document, Word 97 runs the macro without any warning because the document itself does not contain macros [1].

Impact

Successful exploitation allows arbitrary macro execution on the client machine. The macro can damage or retrieve data from the user's system, potentially leading to full system compromise under the user's privileges [1].

Mitigation

Microsoft released a patch for Word 97 that warns users before launching a document based on a template containing macros. The patch is available for download via the Microsoft Security Bulletin MS99-002 [1]. No workarounds are described for unpatched systems.