Hidden Macros Make Excel, PowerPoint Vulnerable

Microsoft Corp. on Thursday warned that macros hidden in some Excel or PowerPoint documents could bypass built-in security measures and enable an attacker to execute arbitrary code on a victims PC.

Both affected programs have a security feature that is supposed to prevent macros from executing automatically by scanning documents for the presence of a macro. If a macro is found, the user if notified and asked whether he wants to run it.

However, a flaw in the way the macros are detected could enable an attacker to bypass this feature and create a macro that would run automatically once the document is opened.

This could be accomplished by e-mailing such a document to a user or hosting the file on a Web site.

Although mass-mailing viruses such as the Love Bug and worms such as Nimda have garnered most of the headlines of late, some of the most damaging viruses in the history of the Internet have been macro viruses. Before the popularity of e-mail exploded in the 1990s, macros were the preferred delivery method of virus writers.

The Melissa virus, possibly the most prolific virus of all time, was contained in macros embedded in Microsoft Word and Excel documents, as were several variants and copycat versions of it.

Microsoft has issued a patch for this latest vulnerability, which affects both Windows and Macintosh versions of Excel and PowerPoint.