Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Word .asd Macro File Execution Vulnerability

Microsoft Word .asd Macro File Execution Vulnerability

by platon on June 1st, 2001 A flaw exists in Word which could allow macros to execute without the user's knowledge. Word does not check .asd files for macros. Therefore; if an .asd file exists in the default location for AutoRecover files, upon opening Word the macros will execute without prompting the user.


The following exploit has been provided by
Steven McLeod <[email protected]>.

"For Windows 98 users, simply copy this file to your temp directory (typically c:windowstemp) and rename it to
original.asd and the next time you load Microsoft Word (by double clicking on any existing word document or just loading the Word executable to create a new document) you will find that original.asd is loaded and its macros are
automatically executed!"

Download the exploit

Discovered/rediscovered and notified Securityfocus via email by Steven McLeod on May 23, 2001.

[Homepage]



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »