The security vulnerabilities affect relatively obscure features of Office 97, and have thus far not affected any users, according to Microsoft.
One bug, involving Microsoft's Word 97, could theoretically allow hackers to run malicious code through a Word document linked to a template containing "macros," or shortcuts. Macros are typically written to allow users to insert specific text into documents or add other functionality to documents, but can also can contain malicious code.
While Word 97 does warn users when opening a document containing macros, no warning occurs when a document template containing links to macros is opened. The patch issued yesterday warns users when opening templates containing links to macros.
"A macro is typically used in a legitimate way--it's a useful tool for people," said John Duncan, product manager for Microsoft office. "But it could also be written for malicious purposes?The fix is that users will now receive a warning, even when a macro is opened on a template."
Microsoft is informing approximately 1 million of the 40 million Office 97 users about the patch via a security alert. Microsoft asserts that there have been no reports of any problems because of the vulnerability.
Microsoft also distributed a patch yesterday for a security problem in Forms 2.0 Control, an ActiveX Control that is part of Office 97, according to Microsoft. The patch fixes a glitch that could allow malicious Web site administrators to access information stored on a user's clipboard.
"This [control] would be on a users' system if they have installed a number of different applications," from Office 97, Duncan said, noting that only the most recently edited information is stored on a users' clipboard anyway. "The only information that would be on your clipboard would be the last thing you cut and pasted."