MICROSOFT'S FLOOD OF PRODUCT VULNERABILITIES (article)

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

The information about the article's publisher is at the end of the piece:

Four significant new security vulnerabilities in Microsoft products
came to light this week, three of them with a severity rating of
"high," which means that they require immediate action. Here is a
summary of the flaws and the affected Microsoft products:

1. Microsoft Word Macro Execution Vulnerability
Severity level: HIGH
Affected Products:
Microsoft Word 97/98/2000/2002
Microsoft Works Suite 2001/2002/2003 (includes Word)

2. Microsoft WordPerfect Converter Buffer Overflow
Severity level: HIGH
Affected Products:
Microsoft Office 97/2000/XP
Microsoft Word 98J
Microsoft FrontPage 2000/2002
Microsoft Publisher 2000/2002
Microsoft Works Suite 2001/2002/2003

3. Microsoft Visual Basic for Applications Buffer Overflow
Severity level: HIGH
Affected Products:
Microsoft Visual Basic for Apps SDK 5.0, 6.0, 6.2, 6.3
This affects the following VB-enabled applications:
Microsoft Access 97/2000/2002
Microsoft Excel 97/2000/2002
Microsoft PowerPoint 97/2000/2002
Microsoft Project 2000/2002
Microsoft Publisher 2002
Microsoft Visio 2002
Microsoft Word 97/98J/2000/2002
Microsoft Works Suite 2001/2002/2003
Microsoft Business Solutions Great Plains 7.5
Microsoft Business Solutions Dynamics 6.0, 7.0
Microsoft Business Solutions eEnterprise 6.0, 7.0
Microsoft Business Solutions Solomon 4.5, 5.0, 5.5
The bug also afflicts third-party products that use VB.

4. Microsoft Access Snapshot Viewer ActiveX Overflow
Severity level: MODERATE
Affected Products:
Microsoft Access Snapshot Viewer ActiveX Control
Microsoft Access 97/2000/2002
Potentially any Microsoft Internet Explorer 5.01, 5.5, 6.0

The first three exposures let a hacker gain control of the user's
computer and accomplish any action authorized at the victim's security
level. The "moderate" vulnerability lets a hacker take control of the
user's Internet Explorer browser and execute any command at the
browser's authentication level.

Microsoft has patches for all four bugs that should be installed
immediately. By now you know the urgency of applying such patches.

Microsoft's security bulletins on these flaws are at the following
URLs:
http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
http://www.microsoft.com/technet/security/bulletin/MS03-036.asp
http://www.microsoft.com/technet/security/bulletin/MS03-037.asp
http://www.microsoft.com/technet/security/bulletin/MS03-038.asp

Because the time required to patch a large number of computers could
leave these vulnerabilities open, SANS' Incidents.Org group has
published a workaround to block the vulnerabilities temporarily:
http://isc.sans.org/diary.html?date=2003-09-05

IF YOU WANT TO SPONSOR a Dr. I. Doctor's Networking Tips Newsletter,
please contact your Penton Technology sales manager. Click here for
details: http://www.iseriesnetwork.com/info/mediakit/ad_contacts.cfm .
___________________________
Copyright 2003, Penton Technology Media
http://www.iSeriesNetwork.com
http://www.e-ProMag.com
http://www.DrIDoctor.com

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Nice round up, thanks Trip.

 

Thanks Trip.Thanks for keeping us in the picture about this important stuff.

I'd love to learn how these vulnerabilities work and how they are found, instead of just hearing about them as a dumb user.