Alert: Microsoft Security Bulletin - MS03-037
http://www.microsoft.com/technet/security/bulletin/MS03-037.asp
Flaw in Visual Basic for Applications Could Allow Arbitrary Code execution
(822715)
Originally posted: September 03, 2003
Summary
Who should read this bulletin: Customers using Microsoft ® Office applications
or applications that use Microsoft Visual Basic® for Applications.
Impact of vulnerability: Allow attacker to execute arbitrary code.
Maximum Severity Rating: Critical
Recommendation: Customers using Microsoft ® Office applications or Microsoft
Visual Basic for Applications should apply the patch at the earliest available
opportunity.
End User Bulletin:
An end user version of this bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-037.asp.
Affected Software:
- Microsoft Visual Basic for Applications SDK 5.0
- Microsoft Visual Basic for Applications SDK 6.0
- Microsoft Visual Basic for Applications SDK 6.2
- Microsoft Visual Basic for Applications SDK 6.3Products which Include the
Affected Software:
- Microsoft Access 97
- Microsoft Access 2000
- Microsoft Access 2002
- Microsoft Excel 97
- Microsoft Excel 2000
- Microsoft Excel 2002
- Microsoft PowerPoint 97
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2002
- Microsoft Project 2000
- Microsoft Project 2002
- Microsoft Publisher 2002
- Microsoft Visio 2000
- Microsoft Visio 2002
- Microsoft Word 97
- Microsoft Word 98(J)
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Business Solutions Great Plains 7.5
- Microsoft Business Solutions Dynamics 6.0
- Microsoft Business Solutions Dynamics 7.0
- Microsoft Business Solutions eEnterprise 6.0
- Microsoft Business Solutions eEnterprise 7.0
- Microsoft Business Solutions Solomon 4.5
- Microsoft Business Solutions Solomon 5.0
- Microsoft Business Solutions Solomon 5.5
Technical description:
Microsoft VBA is a development technology for developing client desktop
packaged applications and integrating them with existing data and systems.
Microsoft VBA is based on the Microsoft Visual Basic development system.
Microsoft Office products include VBA and make use of VBA to perform certain
functions. VBA can also be used to build customized applications based around
an existing host application.
A flaw exists in the way VBA checks document properties passed to it when a
document is opened by the host application. A buffer overrun exists which if
exploited successfully could allow an attacker to execute code of their choice
in the context of the logged on user.
In order for an attack to be successful, a user would have to open a specially
crafted document sent to them by an attacker. This document could be any type
of document that supports VBA, such as a Word document, Excel spreadsheet,
PowerPoint presentation. In the case where Microsoft Word is being used as the
HTML e-mail editor for Microsoft Outlook, this document could be an e-mail,
however the user would need to reply to, or forward the mail message in order
for the vulnerability to be exploited.
Mitigating factors:
- The user must open a document sent to them by an attacker in order for this
vulnerability to be exploited.
- When Microsoft Word is being used as the HTML e-mail editor in Outlook, a
user would need to reply to or forward a malicious e-mail document sent to them
in order for this vulnerability to be exploited.
- An attacker's code could only run with the same rights as the logged on user.
The specific privileges the attacker could gain through this vulnerability
would therefore depend on the privileges granted to the user. Any limitations
on a user's account, such as those applied through Group Policies, would also
limit the actions of any arbitrary code executed by this vulnerability.
Vulnerability identifier: CAN-2003-0347
This email is sent to NTBugtraq automatically as a service to my subscribers.
(v1.18)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Whatever Happened to Octopus?
LEGATO RepliStor, formerly known as Octopus, delivers breakthrough
replication performance that's 5X faster than the competition in an
independent head-to-head test. Learn how RepliStor uses patented,
asynchronous, real-time replication, to deliver disaster recovery, data
distribution and consolidated backups. It is the first replication solution
to achieve Windows 2003 certification. Get the performance report now.
http://portal1.legato.com/products/replistor/upgrade.cfm
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo