Security 10809 Published by

Word, like other members of the Office product family, provides a security mechanism that requires user´s approval to run macros. By design, anytime a document is opened the user would be notified if
the document contains macros. In addition, this mechanism checks
secondary documents that the original document links to, such as templates, and warn if any of those contain macros. This feature works by scanning the document or template for the presence of macros, alerting the user of their presence, and then asking the user if he wants to allow the macros to run.

By embedding a macro in a template, and providing another user with
an RTF document that links to it, an attacker could cause a macro to run automatically when the RTF document was opened. The macro would be
able to take any action that the user herself could take. This could
include disabling the user´s Word security settings so that subsequently-opened Word documents would no longer be checked for macros.

Read more