|
http://www.microsoft.com/technet/security/bulletin/MS03-037.asp Flaw in Visual Basic for Applications Could Allow Arbitrary Code = execution (822715) Originally posted: September 03, 2003 Summary Who should read this bulletin: Customers using Microsoft =AE Office = applications or applications that use Microsoft Visual Basic=AE for = Applications. Impact of vulnerability: Allow attacker to execute arbitrary code. Maximum Severity Rating: Critical Recommendation: Customers using Microsoft =AE Office applications or = Microsoft Visual Basic for Applications should apply the patch at the = earliest available opportunity. End User Bulletin: An end user version of this bulletin is available at:=20 http://www.microsoft.com/security/security_bulletins/ms03-037.asp.=20 Affected Software:=20 - Microsoft Visual Basic for Applications SDK 5.0 - Microsoft Visual Basic for Applications SDK 6.0 - Microsoft Visual Basic for Applications SDK 6.2 - Microsoft Visual Basic for Applications SDK 6.3Products which Include = the Affected Software:=20 - Microsoft Access 97 - Microsoft Access 2000 - Microsoft Access 2002 - Microsoft Excel 97 - Microsoft Excel 2000 - Microsoft Excel 2002 - Microsoft PowerPoint 97 - Microsoft PowerPoint 2000 - Microsoft PowerPoint 2002 - Microsoft Project 2000 - Microsoft Project 2002 - Microsoft Publisher 2002 - Microsoft Visio 2000 - Microsoft Visio 2002 - Microsoft Word 97 - Microsoft Word 98(J) - Microsoft Word 2000 - Microsoft Word 2002 - Microsoft Works Suite 2001 - Microsoft Works Suite 2002 - Microsoft Works Suite 2003 - Microsoft Business Solutions Great Plains 7.5 - Microsoft Business Solutions Dynamics 6.0 - Microsoft Business Solutions Dynamics 7.0 - Microsoft Business Solutions eEnterprise 6.0 - Microsoft Business Solutions eEnterprise 7.0 - Microsoft Business Solutions Solomon 4.5 - Microsoft Business Solutions Solomon 5.0 - Microsoft Business Solutions Solomon 5.5=20 Technical description:=20 Microsoft VBA is a development technology for developing client desktop = packaged applications and integrating them with existing data and = systems. Microsoft VBA is based on the Microsoft Visual Basic = development system. Microsoft Office products include VBA and make use = of VBA to perform certain functions. VBA can also be used to build = customized applications based around an existing host application. A flaw exists in the way VBA checks document properties passed to it = when a document is opened by the host application. A buffer overrun = exists which if exploited successfully could allow an attacker to = execute code of their choice in the context of the logged on user. In order for an attack to be successful, a user would have to open a = specially crafted document sent to them by an attacker. This document = could be any type of document that supports VBA, such as a Word = document, Excel spreadsheet, PowerPoint presentation. In the case where = Microsoft Word is being used as the HTML e-mail editor for Microsoft = Outlook, this document could be an e-mail, however the user would need = to reply to, or forward the mail message in order for the vulnerability = to be exploited. Mitigating factors: - The user must open a document sent to them by an attacker in order for = this vulnerability to be exploited. - When Microsoft Word is being used as the HTML e-mail editor in = Outlook, a user would need to reply to or forward a malicious e-mail = document sent to them in order for this vulnerability to be exploited. - An attacker's code could only run with the same rights as the logged = on user. The specific privileges the attacker could gain through this = vulnerability would therefore depend on the privileges granted to the = user. Any limitations on a user's account, such as those applied through = Group Policies, would also limit the actions of any arbitrary code = executed by this vulnerability. Vulnerability identifier: CAN-2003-0347 This email is sent to NTBugtraq automatically as a service to my = subscribers. (v1.18) Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Whatever Happened to Octopus? LEGATO RepliStor, formerly known as Octopus, delivers breakthrough replication performance that's 5X faster than the competition in an independent head-to-head test. Learn how RepliStor uses patented, asynchronous, real-time replication, to deliver disaster recovery, data distribution and consolidated backups. It is the first replication solution to achieve Windows 2003 certification. Get the performance report now. http://portal1.legato.com/products/replistor/upgrade.cfm oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo