Flaw in Visual Basic for Applications Could Allow Arbitrary Code execution


http://www.microsoft.com/technet/security/bulletin/MS03-037.asp

Flaw in Visual Basic for Applications Could Allow Arbitrary Code
execution (822715)

Originally posted: September 03, 2003

Summary

Who should read this bulletin: Customers using Microsoft® Office
applications or applications that use Microsoft Visual Basic® for
Applications.

Impact of vulnerability: Allow attacker to execute arbitrary code.

Maximum Severity Rating: Critical

Recommendation: Customers using Microsoft® Office applications or
Microsoft Visual Basic for Applications should apply the patch at the
earliest available opportunity.

End User Bulletin:
An end user version of this bulletin is available at:

http://www.microsoft.com/security/security_bulletins/ms03-037.asp

Affected Software:
- Microsoft Visual Basic for Applications SDK 5.0
- Microsoft Visual Basic for Applications SDK 6.0
- Microsoft Visual Basic for Applications SDK 6.2
- Microsoft Visual Basic for Applications SDK 6.3

Products which Include the Affected Software:
- Microsoft Access 97
- Microsoft Access 2000
- Microsoft Access 2002
- Microsoft Excel 97
- Microsoft Excel 2000
- Microsoft Excel 2002
- Microsoft PowerPoint 97
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2002
- Microsoft Project 2000
- Microsoft Project 2002
- Microsoft Publisher 2002
- Microsoft Visio 2000
- Microsoft Visio 2002
- Microsoft Word 97
- Microsoft Word 98(J)
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Business Solutions Great Plains 7.5
- Microsoft Business Solutions Dynamics 6.0
- Microsoft Business Solutions Dynamics 7.0
- Microsoft Business Solutions eEnterprise 6.0
- Microsoft Business Solutions eEnterprise 7.0
- Microsoft Business Solutions Solomon 4.5
- Microsoft Business Solutions Solomon 5.0
- Microsoft Business Solutions Solomon 5.5

Technical description:

Microsoft VBA is a development technology for developing client desktop
packaged applications and integrating them with existing data and
systems. Microsoft VBA is based on the Microsoft Visual Basic
development system. Microsoft Office products include VBA and make use
of VBA to perform certain functions. VBA can also be used to build
customized applications based around an existing host application.

A flaw exists in the way VBA checks document properties passed to it
when a document is opened by the host application. A buffer overrun
exists which, if exploited successfully, could allow an attacker to
execute code of their choice in the context of the logged on user.

In order for an attack to be successful, a user would have to open a
specially crafted document sent to them by an attacker. This document
could be any type of document that supports VBA, such as a Word
document, Excel spreadsheet, or PowerPoint presentation. In the case
where Microsoft Word is being used as the HTML e-mail editor for
Microsoft Outlook, this document could be an e-mail; however, the user
would need to reply to or forward the mail message in order for the
vulnerability to be exploited.

Mitigating factors:
- The user must open a document sent to them by an attacker in order for
this vulnerability to be exploited.
- When Microsoft Word is being used as the HTML e-mail editor in
Outlook, a user would need to reply to or forward a malicious e-mail
document sent to them in order for this vulnerability to be exploited.
- An attacker's code could only run with the same rights as the logged
on user. The specific privileges the attacker could gain through this
vulnerability would therefore depend on the privileges granted to the
user. Any limitations on a user's account, such as those applied through
Group Policies, would also limit the actions of any arbitrary code
executed by this vulnerability.

Vulnerability identifier: CAN-2003-0347



This email is sent to NTBugtraq automatically as a service to my
subscribers. (v1.18)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
