OT: Word docm Question

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
OT:  Word docm Question...

Any way to disable the macros in a Word docm document _before_
opening?

I'm curious to see what those folks who love me so much are trying to
pull ;-)
        
                                        ...Jim Thompson
--  
| James E.Thompson                                 |    mens     |
| Analog Innovations                               |     et      |
We've slightly trimmed the long signature. Click to see the full one.
Re: OT: Word docm Question
On 14/12/16 15:59, Jim Thompson wrote:
Quoted text here. Click to load it

It used to be possible to open Turd documents in
Wordpad (? the RTF version of notepad)

Sometimes it was possible to see /earlier/ unexpurgated
versions of the document, which could be very valuable
when trying to understand what corporate masters were
/really/ trying to say :)

Or open in OpenOffice on a live disk just booted from
DVD.




Re: OT: Word docm Question
On 12/14/2016 10:59 AM, Jim Thompson wrote:
Quoted text here. Click to load it

I don't know what a docm file is as compared to a doc or docx file.  But  
whenever I open office documents with macros I get a warning and an  
offer to disable the macros.  Hmmm... for some reason I don't currently  
get that as an option, it says my security setting does not allow the  
execution of macros.  I must have inadvertently changed that.  Fixed!

I use LibreOffice and I think it is great!  Much less frustration than  
MS Office.

--  

Rick C

Re: OT: Word docm Question
Upgrade to Word 97. Most of that shit won't run in it.  

You should see how old my JPG editor is, you can't embed anything or it just won't open.  

Re: OT: Word docm Question
On 15/12/16 02:59, Jim Thompson wrote:
Quoted text here. Click to load it

DOCX files are ZIP files with the main content in XML.
You can unzip them to peruse the contents - but you
hav eto look past a lot of crap to see the content.


Re: OT: Word docm Question
On Thu, 15 Dec 2016 08:43:26 +1100, Clifford Heath

Quoted text here. Click to load it

These are _docM_, "MACRO-enabled" file type is what is showing in
Windows Explorer.

So I guessing if I open them the macros will do their inglorious
thing.

So I was looking for a way to disable macros first.
        
                                        ...Jim Thompson
--  
| James E.Thompson                                 |    mens     |
| Analog Innovations                               |     et      |
We've slightly trimmed the long signature. Click to see the full one.
Re: OT: Word docm Question
On 2016/12/14 2:06 PM, Jim Thompson wrote:
Quoted text here. Click to load it

Google search "how to disable marcos in word documents"

1st response:

------------(quote)-------------
Word

     Click the Microsoft Office Button , and then click Word Options.
     Click Trust Center, click Trust Center Settings, and then click  
Macro Settings.
     Click the options that you want: Disable all macros without  
notification Click this option if you don't trust macros.
-----------(end quote)-----------

Much as I don't trust Google, is this what you are looking for?

John ;-#)#

--  
(Please post followups or tech inquiries to the USENET newsgroup)
John's  Jukes Ltd. 2343 Main St., Vancouver, BC, Canada V5T 3C9
We've slightly trimmed the long signature. Click to see the full one.
Re: OT: Word docm Question
On 14/12/2016 15:59, Jim Thompson wrote:
Quoted text here. Click to load it

Set your global preferences to never run macros or to ask every time if  
you can be sure you will never be daft enough to run them by accident.
(If you don't use macros this is a sensible precaution)

Assuming Office 2010 or similar it should be something along the lines of

File
    Options
        Trust Center
            Macro Settings

I have disabled with notification. I use macros sometimes.
You probably want disabled without notification.

Quoted text here. Click to load it

I thought MickeySoft had made their macro configuration default slightly  
less unsafe than it used to be in the bad old days.

You may also need a macro password cracker too since most of the malware  
isn't daft enough to leave their code easily visible.
It would score quite highly on the obfuscated code competition.

You do this at your own risk! Password crackers and video stream  
grabbers are notorious sources of PUPs and other malware.

It is easier to throw the code at VirusTotal for its name and then look  
up what the thing was trying to do to you on an AV site.

https://www.virustotal.com/

That site is particularly handy when a zero day exploit comes along that  
your own AV can't see since there is a chance one of the others  
heuristics will recognise it as a derivative work with hostile intent.

--  
Regards,
Martin Brown

Re: OT: Word docm Question
On 15/12/2016 09:19, Martin Brown wrote:
Quoted text here. Click to load it

I also forgot to mention that .DOCX and .DOCM are actually ZIP  
encapsulated and as such are also vulnerable to direct attack against  
buffer overrun weaknesses in the ZIP decoder which could be triggered  
even before the embedded macros are executed. Same with unsolicited PDF  
files - there are new vulnerabilities recently found in creatively  
malformed JPGs that can gain enough privileges to alter the system.

Unless you can open the thing in a very robust throwaway VM sandbox it  
isn't worth the risk of trashing your system for curiosity. If something  
gets past you then you may not notice anything has happened until one  

trash". (by then everything will be hard encrypted)

--  
Regards,
Martin Brown

Re: OT: Word docm Question
On 12/15/2016 4:14 AM, Martin Brown wrote:
Quoted text here. Click to load it

Quoted text here. Click to load it

Wrap your "viewer" in a sandbox.  Open document (photo, etc.).  Close document.
Examine turds left *in* the sandbox.  Use this to decide how much you trust
the document and its source!


Re: OT: Word docm Question
On Wed, 14 Dec 2016 08:59:35 -0700, Jim Thompson

Quoted text here. Click to load it

If it's the same stuff doing the rounds worldwide, it will contain
javascript to connect via the 'net (at some future time) to a remote
machine to download the true payload.  May be ransomware, ain't about
to find out.

I get anything up to ten a day, some with a "visible" zip attachment
and some embedded.  In all cases which I have examined, the key ".js"
is visible (*) with a filename preceding it.

(*) with a suitable raw file viewer.

Site Timeline