Thread: Is Customizing Word's Ribbon UI Safe?
View Single Post
 
Old 01-17-2025, 11:19 PM
syl3786 syl3786 is offline Windows 10 Office 2019
Advanced Beginner
  
Join Date: Jan 2023
Posts: 97
syl3786 is on a distinguished road
Unhappy Is Customizing Word's Ribbon UI Safe?
I recently tried customizing Word's Ribbon UI:

My procedure:
  1. Created a .dotm file
  1. Added custom XML for Ribbon modifications using Office RibbonX Editor
  1. Placed file in Word's STARTUP folder:
    C:\Users[USER]\AppData\Roaming\Microsoft\Word\STARTUP

🚨 RED FLAG:
My antivirus immediately flagged the .dotm file as potentially harmful. It detected security vulnerabilities that could be exploited by malicious code. The warning suggested immediate removal of the file.

It is worth noting that my .dotm file contains only one simple module, which displays a message box.

My Questions:
  1. What's the current best practice for safe Ribbon customization?
  1. Are there modern alternatives to RibbonX Editor?
  1. Is there any way to edit the XML other than using RibbonX Editor? For example, can I change the .dotm file to a .zip, edit its XML code, repackage it as a .zip, and then change it back to a .dotm file? I tried this, but it didn’t work.
  1. How can we verify template security?

For now, I've removed the custom template for safety. I would love to hear from security experts on how to achieve this safely in 2025. The old methods seem too risky in today's threat landscape.
Reply With Quote