Open XML Application Security (1) macro security

A macro is a set of commands that can be applied with one click. They can almost automatically do anything you do in a program, or even perform tasks that you think are impossible.

Macros are programming, but you can use them even if you are not a developer, and you don't even need to know any programming knowledge. Most macros you can create in Office programs are written in Microsoft VBA (Visual Basic for applications) language.

In fact, although most macros are harmless and beneficial, macros are an important security issue. If someone creates a macro with malicious intent, these macros may contain destructive code that damages your document or system.

For Open XML-supported documents, documents that contain macros or code are saved with a special name, such as the suffix name of the Word document is the suffix name of the Docm,excel workbook is the xlsm,ppt presentation suffix name is pptm, where the letter "M" Represents the macro (macro), so you can clearly identify whether a macro exists in the current document.

In addition, by default, the new Open XML file format does not execute macros and embedded code in the document, and can quickly identify and delete identity and sensitive information, such as user names, notes, and file paths, in the document. As a result, documents saved in the Open XML format are more secure and can be safely shared with others.

In Word 2007, for example, open the Word options → Trust Center → macro setting to see Options for macro settings. As shown in Figure 14-22.

Figure 14-22 Macro Security settings

As you can see from Figure 14-22, all macros are disabled by default, and you can change this setting according to the actual situation.

The macro exists in the specified directory as a binary OLE2 file in the Open XML package, in general, with the following rules:

Q Word:word/vbaproject.bin

Q Excel:xl/vbaproject.bin

Q Powerppoint:ppt/vbaproject.bin

Unfortunately, macros are not mentioned in the specification document for Open XML, and the format of the OLE2 file is not public. Next blog to learn what OLE is and how it is related to Office documents.

----------------Note: This part of the text is adapted from the ". NET Security Secrets"

Author: Hyun-Soul

Source: http://www.cnblogs.com/xuanhun/

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/web/XML/