<<< Date Index >>>     <<< Thread Index >>>

Alert: Microsoft Security Bulletin - MS03-037


Flaw in Visual Basic for Applications Could Allow Arbitrary Code execution 

Originally posted: September 03, 2003


Who should read this bulletin: Customers using Microsoft ® Office applications 
or applications that use Microsoft Visual Basic® for Applications.

Impact of vulnerability: Allow attacker to execute arbitrary code.

Maximum Severity Rating: Critical

Recommendation: Customers using Microsoft ® Office applications or Microsoft 
Visual Basic for Applications should apply the patch at the earliest available 

End User Bulletin:
An end user version of this bulletin is available at: 


Affected Software: 
- Microsoft Visual Basic for Applications SDK 5.0
- Microsoft Visual Basic for Applications SDK 6.0
- Microsoft Visual Basic for Applications SDK 6.2
- Microsoft Visual Basic for Applications SDK 6.3Products which Include the 
Affected Software: 
- Microsoft Access 97
- Microsoft Access 2000
- Microsoft Access 2002
- Microsoft Excel 97
- Microsoft Excel 2000
- Microsoft Excel 2002
- Microsoft PowerPoint 97
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2002
- Microsoft Project 2000
- Microsoft Project 2002
- Microsoft Publisher 2002
- Microsoft Visio 2000
- Microsoft Visio 2002
- Microsoft Word 97
- Microsoft Word 98(J)
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Business Solutions Great Plains 7.5
- Microsoft Business Solutions Dynamics 6.0
- Microsoft Business Solutions Dynamics 7.0
- Microsoft Business Solutions eEnterprise 6.0
- Microsoft Business Solutions eEnterprise 7.0
- Microsoft Business Solutions Solomon 4.5
- Microsoft Business Solutions Solomon 5.0
- Microsoft Business Solutions Solomon 5.5 

Technical description: 

Microsoft VBA is a development technology for developing client desktop 
packaged applications and integrating them with existing data and systems. 
Microsoft VBA is based on the Microsoft Visual Basic development system. 
Microsoft Office products include VBA and make use of VBA to perform certain 
functions. VBA can also be used to build customized applications based around 
an existing host application.

A flaw exists in the way VBA checks document properties passed to it when a 
document is opened by the host application. A buffer overrun exists which if 
exploited successfully could allow an attacker to execute code of their choice 
in the context of the logged on user.

In order for an attack to be successful, a user would have to open a specially 
crafted document sent to them by an attacker. This document could be any type 
of document that supports VBA, such as a Word document, Excel spreadsheet, 
PowerPoint presentation. In the case where Microsoft Word is being used as the 
HTML e-mail editor for Microsoft Outlook, this document could be an e-mail, 
however the user would need to reply to, or forward the mail message in order 
for the vulnerability to be exploited.

Mitigating factors:
- The user must open a document sent to them by an attacker in order for this 
vulnerability to be exploited.
- When Microsoft Word is being used as the HTML e-mail editor in Outlook, a 
user would need to reply to or forward a malicious e-mail document sent to them 
in order for this vulnerability to be exploited.
- An attacker's code could only run with the same rights as the logged on user. 
The specific privileges the attacker could gain through this vulnerability 
would therefore depend on the privileges granted to the user. Any limitations 
on a user's account, such as those applied through Group Policies, would also 
limit the actions of any arbitrary code executed by this vulnerability.

Vulnerability identifier: CAN-2003-0347

This email is sent to NTBugtraq automatically as a service to my subscribers. 

Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

Whatever Happened to Octopus?

LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
replication performance that's 5X faster than the competition in an
independent head-to-head test. Learn how RepliStor uses patented,
asynchronous, real-time replication, to deliver disaster recovery, data
distribution and consolidated backups. It is the first replication solution
to achieve Windows 2003 certification. Get the performance report now.