Software flaws could affect millions

Topeka Capital-Journal, The, Aug 1, 1999

The Associated Press

SEATTLE -- Flaws in the Microsoft Office software suite could be used by pranksters or cybercrooks through e-mail or rogue Web sites to retrieve, alter or erase data in millions of computers.

Some newer Compaq and Hewlett-Packard computers that can be upgraded automatically over the Internet also contain flaws that could be similarly exploited, but only over the Web, security experts have found.

Attempts to take advantage of either set of vulnerabilities wouldn't be detected or prevented by antivirus software but there is no evidence that such mischief has occurred, said Russ Cooper of Lindsay, Ontario.

Cooper, who runs a Windows NT security mailing list called NTbugtraq, said Microsoft developers expect to have an Office fix ready as early as Tuesday.

Andrew Dixon, group product manager for Office, didn't return a call for comment.

Last week, Juan Carlos Cuartango, a programmer, discovered that Internet Explorer and Windows are configured to "trust" Word, Excel, Powerpoint and other Office program documents. They may be used as Trojan Horses to implant malicious code into a computer.

Office 2000 and some of the final versions of Office 97 are free from the flaw, but it is present in millions of installed versions of Office 97 and probably also in many older versions, possibly dating as far back as 1992, Cooper said.