The Microsoft Office for Mac option "Disable all macros without notification" enables XLM macros without prompting, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Up to and including Microsoft Excel 4.0, a macro format called XLM was available. XLM macros predate the VBA macros that are more common in modern Microsoft Office systems, but current Microsoft Office versions still support XLM macros.
By convincing a user to open specially crafted Microsoft Excel content on a Mac that has "Disable all macros without notification" enabled, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running Excel.
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workarounds:
This issue was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:|2019-11-01|
|Date Last Updated:|2019-11-07 00:46 UTC|