1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Flaw in Visual Basic for Applications Allows Code Execution

Discussion in 'Computer Security' started by SimonV, Sep 4, 2003.

  1. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    Flaw in Visual Basic for Applications Allows Code Execution

    Microsoft VBA is a development technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft VBA is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and make use of VBA to perform certain functions. VBA can also be used to build customized applications based around an existing host application. A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host application. A buffer overrun exists which if exploited successfully could allow an attacker to execute code of their choice in the context of the logged on user. In order for an attack to be successful, a user would have to open a specially crafted document sent to them by an attacker. This document could be any type of document that supports VBA, such as a Word document, Excel spreadsheet or PowerPoint presentation.

    Impact: Run code of attackers choice
    Max Risk: Critical
    Bulletin: MS03-037
    View: Microsoft Security Bulletin MS03-037
    View: Technet Security Bulletin

    Microsoft Products Affected by This Update
    • Visual Basic for Applications SDK 5.0, 6.0, 6.2, and 6.3
    • Office 97, 2000, and XP
    • Word 98 (J)
    • Visio® 2000 and 2002
    • Project 2000 and 2002
    • Publisher 2002
    • Works Suite 2001, 2002, and 2003
    • Business Solutions Great Plains® 7.5
    • Business Solutions Dynamics® 6.0 and 7.0
    • Business Solutions eEnterprise® 6.0 and 7.0
    • Business Solutions Solomon® 4.5, 5.0, and 5.5
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...

Share This Page

Loading...