MS03-037: Flaw in VBA Arbitrary Code Execution



----------------------------------------------------------------------
Title: Flaw in Visual Basic for Applications Could Allow
       Arbitrary Code Execution (822715)
Date: 03 September 2003

Affected Software:
  Microsoft Visual Basic for Applications SDK 5.0
  Microsoft Visual Basic for Applications SDK 6.0
  Microsoft Visual Basic for Applications SDK 6.2
  Microsoft Visual Basic for Applications SDK 6.3

Products which include the affected software:
  Microsoft Access 97
  Microsoft Access 2000
  Microsoft Access 2002
  Microsoft Excel 97
  Microsoft Excel 2000
  Microsoft Excel 2002
  Microsoft PowerPoint 97
  Microsoft PowerPoint 2000
  Microsoft PowerPoint 2002
  Microsoft Project 2000
  Microsoft Project 2002
  Microsoft Publisher 2002
  Microsoft Visio 2000
  Microsoft Visio 2002
  Microsoft Word 97
  Microsoft Word 98(J)
  Microsoft Word 2000
  Microsoft Word 2002
  Microsoft Works Suite 2001
  Microsoft Works Suite 2002
  Microsoft Works Suite 2003
  Microsoft Business Solutions Great Plains 7.5
  Microsoft Business Solutions Dynamics 6.0
  Microsoft Business Solutions Dynamics 7.0
  Microsoft Business Solutions eEnterprise 6.0
  Microsoft Business Solutions eEnterprise 7.0
  Microsoft Business Solutions Solomon 4.5
  Microsoft Business Solutions Solomon 5.0
  Microsoft Business Solutions Solomon 5.5

Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-037

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/...in/MS03-037.asp
http://www.microsoft.com/security/security...ns/ms03-037.asp
----------------------------------------------------------------------

Issue:
======
Microsoft VBA is a development technology for developing client
desktop packaged applications and integrating them with existing
data and systems. Microsoft VBA is based on the Microsoft Visual
Basic development system. Microsoft Office products include VBA
and make use of VBA to perform certain functions. VBA can also be
used to build customized applications based around an existing
host application.

A flaw exists in the way VBA checks document properties passed to
it when a document is opened by the host application. A buffer
overrun exists which if exploited successfully could allow an
attacker to execute code of their choice in the context of the
logged on user.

In order for an attack to be successful, a user would have to
open a specially crafted document sent to them by an attacker.
This document could be any type of document that supports VBA,
such as a Word document, Excel spreadsheet, PowerPoint
presentation. In the case where Microsoft Word is being used as
the HTML e-mail editor for Microsoft Outlook, this document could
be an e-mail, however the user would need to reply to, or forward
the mail message in order for the vulnerability to be exploited.

Mitigating Factors:
====================
- The user must open a document sent to them by an attacker in
  order for this vulnerability to be exploited.
- When Microsoft Word is being used as the HTML e-mail editor in
  Outlook, a user would need to reply to or forward a malicious
  e-mail document sent to them in order for this vulnerability to
  be exploited.
- An attacker's code could only run with the same rights as the
  logged on user. The specific privileges the attacker could gain
  through this vulnerability would therefore depend on the
  privileges granted to the user. Any limitations on a user's
  account, such as those applied through Group Policies, would also
  limit the actions of any arbitrary code executed by this
  vulnerability.

Risk Rating:
============
- Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
  the Security Bulletins at
  http://www.microsoft.com/technet/security/...in/ms03-037.asp
  http://www.microsoft.com/security/security...ns/ms03-037.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- eEye Digital Security, http://www.eeye.com

Edited by xStainDx