1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.


Discussion in 'Computer Security' started by tripwire45, Sep 11, 2003.

  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    The information about the article's publisher is at the end of the piece:

    Four significant new security vulnerabilities in Microsoft products
    came to light this week, three of them with a severity rating of
    "high," which means that they require immediate action. Here is a
    summary of the flaws and the affected Microsoft products:

    1. Microsoft Word Macro Execution Vulnerability
    Severity level: HIGH
    Affected Products:
    Microsoft Word 97/98/2000/2002
    Microsoft Works Suite 2001/2002/2003 (includes Word)

    2. Microsoft WordPerfect Converter Buffer Overflow
    Severity level: HIGH
    Affected Products:
    Microsoft Office 97/2000/XP
    Microsoft Word 98J
    Microsoft FrontPage 2000/2002
    Microsoft Publisher 2000/2002
    Microsoft Works Suite 2001/2002/2003

    3. Microsoft Visual Basic for Applications Buffer Overflow
    Severity level: HIGH
    Affected Products:
    Microsoft Visual Basic for Apps SDK 5.0, 6.0, 6.2, 6.3
    This affects the following VB-enabled applications:
    Microsoft Access 97/2000/2002
    Microsoft Excel 97/2000/2002
    Microsoft PowerPoint 97/2000/2002
    Microsoft Project 2000/2002
    Microsoft Publisher 2002
    Microsoft Visio 2002
    Microsoft Word 97/98J/2000/2002
    Microsoft Works Suite 2001/2002/2003
    Microsoft Business Solutions Great Plains 7.5
    Microsoft Business Solutions Dynamics 6.0, 7.0
    Microsoft Business Solutions eEnterprise 6.0, 7.0
    Microsoft Business Solutions Solomon 4.5, 5.0, 5.5
    The bug also afflicts third-party products that use VB.

    4. Microsoft Access Snapshot Viewer ActiveX Overflow
    Severity level: MODERATE
    Affected Products:
    Microsoft Access Snapshot Viewer ActiveX Control
    Microsoft Access 97/2000/2002
    Potentially any Microsoft Internet Explorer 5.01, 5.5, 6.0

    The first three exposures let a hacker gain control of the user's
    computer and accomplish any action authorized at the victim's security
    level. The "moderate" vulnerability lets a hacker take control of the
    user's Internet Explorer browser and execute any command at the
    browser's authentication level.

    Microsoft has patches for all four bugs that should be installed
    immediately. By now you know the urgency of applying such patches.

    Microsoft's security bulletins on these flaws are at the following

    Because the time required to patch a large number of computers could
    leave these vulnerabilities open, SANS' Incidents.Org group has
    published a workaround to block the vulnerabilities temporarily:

    IF YOU WANT TO SPONSOR a Dr. I. Doctor's Networking Tips Newsletter,
    please contact your Penton Technology sales manager. Click here for
    details: http://www.iseriesnetwork.com/info/mediakit/ad_contacts.cfm .
    Copyright 2003, Penton Technology Media
    Certifications: A+ and Network+
  2. SimonV

    SimonV Petabyte Poster Administrator

    Nice round up, thanks Trip.

    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  3. flex22

    flex22 Gigabyte Poster

    Thanks Trip.Thanks for keeping us in the picture about this important stuff.

    I'd love to learn how these vulnerabilities work and how they are found, instead of just hearing about them as a dumb user. :(

Share This Page