Microsoft Word Macro Name Length Buffer Overflow Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1008150
CVE Reference: CAN-2003-0820
Date: Nov 11 2003
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): Word 97, 98(J), 2000, and 2002

Description: A buffer overflow vulnerability was reported in Microsoft Word in the processing of macros. A remote user can create a malicious document that, when opened by the target user, will execute arbitrary code with the privileges of the target user.

It is reported that Word does not properly validate the length of macro names embedded within a Word document.

Microsoft Works Suite includes Microsoft Word and, therefore, is also affected [a separate Alert has been issued for Microsoft Works].

Microsoft reports that Word 2003 is not affected.

Impact: A remote user can create a document that, when opened, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

Solution: Microsoft has issued the following fixes:

Microsoft Word 97:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5261EF7F-CC89-403C-949F-5F423E68C7AF&displaylang=en

Microsoft Word 98(J):
http://www.microsoft.com/downloads/details.aspx?FamilyId=75B9C39D-E6BD-4CE4-BD89-6F7B5AF2BDB1&displaylang=en

Microsoft Word 2000 and Microsoft Works Suite 2001:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D2BD626E-401B-4FC7-BBAC-2C6B6E66D984&displaylang=en

Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B9B4E491-0B33-423A-8FEE-27059A29B604&displaylang=en

No restart is required.

This update supersedes the patches described in the MS02-021, MS02-031, MS02-059 and MS03-035 bulletins.

See the Microsoft advisory for a list of workarounds and a description of installation options:
http://www.microsoft.com/technet/security/bulletin/MS03-050.asp

Vendor URL: www.microsoft.com/technet/security/bulletin/MS03-050.asp

Cause: Boundary error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Tue, 11 Nov 2003 14:14:36 -0500
Subject: http://www.microsoft.com/technet/security/bulletin/MS03-050.asp
http://www.microsoft.com/technet/security/bulletin/MS03-050.asp
Microsoft Security Bulletin MS03-050
Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)

Issued: November 11, 2003
Version: 1.0
Impact of vulnerability: Run code of attacker's choice

Affected Versions:
* Microsoft Excel 97
* Microsoft Excel 2000
* Microsoft Excel 2002
* Microsoft Word 97
* Microsoft Word 98(J)
* Microsoft Word 2000 and Microsoft Works Suite 2001
* Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004

CVE: CAN-2003-0820, CAN-2003-0821

A vulnerability was reported in Microsoft Excel. A remote user can create a spreadsheet
containing malicious macro code that, when opened by the target user, can execute
arbitrary macro commands on the target user's system.

It is reported that a remote user can create XLM macro code that will bypass the macro
security model and execute the macro code [CVE: CAN-2003-0821]. The code can take any
actions acting as the target user, the report said.

A buffer overflow vulnerability was also reported in Microsoft Word in the processing of
macros. A remote user can create a malicious document that, when opened by the target
user, will execute arbitrary code with the privileges of the target user.

It is reported that Word does not properly validate the length of macro names embedded
within a Word document [CVE: CAN-2003-0820].

Microsoft Works Suite includes Microsoft Word and, therefore, is affected.

Microsoft reports that Word 2003 and Excel 2003 are not affected.

Microsoft credits Kazuyuki Housaka with reporting the vulnerability in Excel.

Microsoft has issued the following fixes:

Microsoft Excel 97:
http://www.microsoft.com/downloads/details.aspx?FamilyId=927F8F0C-DB5A-4601-A628-2C3A1ED5D51B&displaylang=en

Microsoft Excel 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9904B2A6-0CF0-4CF2-AAE0-062BDD7417D5&displaylang=en

Microsoft Excel 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FAB7259D-80B2-40E6-A235-581617287560&displaylang=en

Microsoft Word 97:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5261EF7F-CC89-403C-949F-5F423E68C7AF&displaylang=en

Microsoft Word 98(J):
http://www.microsoft.com/downloads/details.aspx?FamilyId=75B9C39D-E6BD-4CE4-BD89-6F7B5AF2BDB1&displaylang=en

Microsoft Word 2000 and Microsoft Works Suite 2001:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D2BD626E-401B-4FC7-BBAC-2C6B6E66D984&displaylang=en

Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B9B4E491-0B33-423A-8FEE-27059A29B604&displaylang=en

No restart is required.

For Excel, this update supersedes the security patches described in the MS01-050, MS02-031
and MS02-059 bulletins.

For Word, this update supersedes the patches described in the MS02-021, MS02-031, MS02-059
and MS03-035 bulletins.

See the Microsoft advisory for a list of workarounds and a description of installation
options:
http://www.microsoft.com/technet/security/bulletin/MS03-050.asp