Microsoft KB Archive/330008

= Flaw in Word fields and Excel external updates may lead to information disclosure =

Article ID: 330008

Article Last Modified on 4/19/2007

-

APPLIES TO


 * Microsoft Excel 2002 Standard Edition
 * Microsoft Word 2002 Standard Edition
 * Microsoft Word 2000 Standard Edition
 * Microsoft Word 97 Standard Edition
 * Microsoft Word X for Mac
 * Microsoft Word 2001 for Mac
 * Microsoft Word 98 for Macintosh
 * Microsoft Word 98 Standard Edition

-



This article was previously published under Q330008



SYMPTOMS
Microsoft Word and Microsoft Excel provide a mechanism through which data from one document can be inserted into, and updated in, another document. This mechanism, known as field codes in Word and external updates in Excel, can be automated for the user's ease. For example, Word field codes can be used to automatically insert a standard disclaimer paragraph in a legal document. Excel external updates can be used to automatically update a chart in one spreadsheet by using data in a different spreadsheet.

However, it is possible to maliciously use field codes and external updates to secretly steal information from a user. Certain events can trigger the external update and the field code to be updated: for example, when the user saves a document or manually updates the links. Typically, the user is aware of these updates when they occur. However, a specially crafted field code or external update can be used to trigger an update without any indication to the user. This can permit an attacker to create a document that, when opened, updates itself to include the contents of a file from the user's local computer.

For an attacker to take advantage of this vulnerability, the attacker needs to:
 * 1) Create a Word or Excel document that exploits the vulnerability.
 * 2) Deliver it to the user through e-mail or some other method.
 * 3) Entice the user to open the document.

Then, the user must typically return the document to the attacker for the attack to work successfully.

However, note that Microsoft is aware of one case in which it is not even necessary for the user to do this. By the method used in this case, the attacker's document can post information directly to a Web site, although it permits only the first line of the file to be sent.



Word 2002
If you use Word 2002, apply the Word 2002 patch. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

329748 Description of the Word 2002 Service Pack 2 update: October 16, 2002

Excel 2002
If you use Excel 2002, apply the Excel 2002 patch. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

329750 XL2002: Overview of Excel 2002 SP-2 Update: October 16, 2002

Word 2000
If you use Word 2000, apply the Word 2000 patch. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

329749 WD2000: Overview of the Word 2000 SR-1 Update: October 16, 2002

Word 97 and the Japanese version of Word 98 for Windows
If you use Word 97 or the Japanese version of Word 98 for Windows, apply the Word 97 and the Japanese version of Word 98 for Windows patch. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

330080 WD97: Word 97 Is Vulnerable to Security Issues That Are Documented in MS02-059

Word X for Mac, Word 2001 for Macintosh, Word 98 Macintosh Edition
For information about obtaining patches for the Macintosh versions of Microsoft Word, visit the following Microsoft Web site:

http://www.microsoft.com/mac/resources/resources.aspx?pid=resourcekits&rk=officex&article=/mac/download/misc/make_office_current.xml



STATUS
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the &quot;Applies to&quot; section of this article.



MORE INFORMATION
For more information about these vulnerabilities, visit the following Microsoft Web site:

http://www.microsoft.com/mac/downloads.aspx

Additional query words: security_patch MS02-059:

Keywords: kbhotfixserver kbqfe kbfield kbqfe kbbug kbfix kbofficexppresp2fix kbsecbulletin kbsecurity kbsecvulnerability KB330008

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.