VULHUB ™

Microsoft Security Bulletin (MS00-071) - Microsoft has released a patch that eliminates the "Word Mail Merge" security vulnerability in Microsoft Word 2000 and 97. If an Access database is specified as a data source via DDE in a Word mail merge document, macro code can run without the user's approval when the user opens that document. If a user could be enticed into opening a specially constructed mail merge Word document, which was provided either as an e-mail attachment or as a link hosted on a hostile web site, it is possible to cause arbitrary code to run on the user's machine. Microsoft FAQ on this issue available here.

Microsoft Security Bulletin (MS00-071) - Microsoft has released a patch that eliminates the "Word Mail Merge" security vulnerability in Microsoft Word 2000 and 97. If an Access database is specified as a data source via DDE in a Word mail merge document, macro code can run without the user's approval when the user opens that document. If a user could be enticed into opening a specially constructed mail merge Word document, which was provided either as an e-mail attachment or as a link hosted on a hostile web site, it is possible to cause arbitrary code to run on the user's machine. Microsoft FAQ on this issue available here.