|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] Microsoft Word/Works Automated Macro Execution Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Sep 03 2003 - 15:12:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Microsoft Word/Works Automated Macro Execution Vulnerability
SECUNIA ADVISORY ID:
SA9664
VERIFY ADVISORY:
http://www.secunia.com/advisories/9664/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Microsoft Works Suite 2003
Microsoft Office 2000
Microsoft Office 97
Microsoft Office XP
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 97
Microsoft Word 98(J)
Microsoft Works Suite 2001
Microsoft Works Suite 2002
DESCRIPTION:
A vulnerability has been reported in Microsoft Word and Works Suite,
which can be exploited by malicious people to execute arbitrary code
on a user's system automatically.
The vulnerability is caused due to an error when checking the
properties of modified documents thus making it possible to bypass
the macro security model designed to restrict potentially malicious
macros from executing on a user's system. This can be exploited by
constructing a specially crafted document with an embedded macro and
trick a user into opening the document.
Successful exploitation allows execution of arbitrary commands on a
users system with the user's privileges via macros.
SOLUTION:
Apply patches.
Office users can visit Office Update to install the patch:
http://www.office.microsoft.com/ProductUpdates/default.aspx
-- Microsoft Word 2002 (requires Office XP SP2) and Works 2002/2003
--
http://microsoft.com/downloads/details.aspx?FamilyId=7D3775FC-F424-4B04-ABEB-9B4CA1EB182D&displaylang=en
Administrative update only (requires Office XP SP1 or later):
http://www.microsoft.com/office/ork/xp/journ/wrd1006a.htm
-- Microsoft Word 2000 (requires Office SP3) and Works 2001 --
http://microsoft.com/downloads/details.aspx?FamilyId=4A8F6ACE-E14E-4978-A9C9-6989CD03A4A3&displaylang=en
Administrative update only:
http://www.microsoft.com/office/ork/xp/journ/wrd0903a.htm
-- Microsoft Word 97/Microsoft Word 98(J) --
See the following knowledge base article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827647
REPORTED BY / CREDITS:
Jim Bassett
ORIGINAL ADVISORY:
Security Bulletin MS03-035:
http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
OTHER REFERENCES:
Knowledge base article discussing the issue:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827653
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]