Microsoft Word 97, 98 (J), 2000 & 2002
Microsoft Works Suite 2001, 2002 & 2003
A vulnerability exists because it is possible for an attacker to craft a malicious document that will bypass the macro security model. If the document was opened, this flaw could allow a malicious macro embedded in the document to be executed automatically, regardless of the level at which macro security is set. The malicious macro could take the same actions that the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.
The vulnerability could only be exploited by an attacker who persuaded a user to open a malicious document –there is no way for an attacker to force a malicious document to be opened.