SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Microsoft Works Vendors:   Microsoft
Microsoft Works Macro Name Length Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1008151
SecurityTracker URL:  http://securitytracker.com/id/1008151
CVE Reference:   CVE-2003-0820   (Links to External Site)
Updated:  Nov 12 2003
Original Entry Date:  Nov 11 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Microsoft Works Suite 2001, 2002, 2003, and 2004
Description:   A buffer overflow vulnerability was reported in Microsoft Works in the processing of macros. A remote user can create a malicious document that, when opened by the target user, will execute arbitrary code with the privileges of the target user.

It is reported that Works does not properly validate the length of macro names embedded within a Works/Word document.

The vulnerability also affects Microsoft Word [a separate Alert has been issued for Microsoft Word].

Impact:   A remote user can create a document that, when opened, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
Solution:   Microsoft has issued the following fixes:

Microsoft Word 2000 and Microsoft Works Suite 2001:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D2BD626E-401B-4FC7-BBAC-2C6B6E66D984&displaylang=en

Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B9B4E491-0B33-423A-8FEE-27059A29B604&displaylang=en

No restart is required.

This update supercedes the patches described in the MS02-021, MS02-031, MS02-059 and MS03-035 bulletins.

See the Microsoft advisory for a list of workarounds and a description of installation options:

http://www.microsoft.com/technet/security/bulletin/MS03-050.asp

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-050.asp (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.microsoft.com/technet/security/bulletin/MS03-050.asp


http://www.microsoft.com/technet/security/bulletin/MS03-050.asp

Microsoft Security Bulletin MS03-050

Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)

Issued: November 11, 2003
Version: 1.0

Impact of vulnerability: Run code of attackers choice

Affected Versions:

* Microsoft Excel 97
* Microsoft Excel 2000
* Microsoft Excel 2002
* Microsoft Word 97
* Microsoft Word 98(J)
* Microsoft Word 2000 and Microsoft Works Suite 2001
* Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and 
Microsoft Works Suite 2004

CVE: CAN-2003-0820, CAN-2003-0821


A vulnerability was reported in Microsoft Excel.  A remote user can create a spreadsheet 
containing malicious macro code that, when opened by the target user, can execute 
arbitrary macro commands on the target user's system.

It is reported that a remote user can create XLM macro code that will bypass the macro 
security model and execute the macro code [CVE: CAN-2003-0821].  The code can take any 
actions acting as the target user, the report said.

A buffer overflow vulnerability was also reported in Microsoft Word in the processing of 
macros.  A remote user can create a malicious document that, when opened by the target 
user, will execute arbitrary code with the privileges of the target user.

It is reported that Word does not properly validate the length of macro names embedded 
within a Word document [CVE: CAN-2003-0820].

Microsoft Works Suite includes Microsoft Word and, therefore, is affected.

Microsoft reports that Word 2003 and Excel 2003 are not affected.

Microsoft credits Kazuyuki Housaka with reporting the vulnerability in Excel.


Microsoft has issued the following fixes:

Microsoft Excel 97:

http://www.microsoft.com/downloads/details.aspx?FamilyId=927F8F0C-DB5A-4601-A628-2C3A1ED5D51B&displaylang=en

Microsoft Excel 2000:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9904B2A6-0CF0-4CF2-AAE0-062BDD7417D5&displaylang=en

Microsoft Excel 2002:

http://www.microsoft.com/downloads/details.aspx?FamilyId=FAB7259D-80B2-40E6-A235-581617287560&displaylang=en

Microsoft Word 97:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5261EF7F-CC89-403C-949F-5F423E68C7AF&displaylang=en

Microsoft Word 98(J):

http://www.microsoft.com/downloads/details.aspx?FamilyId=75B9C39D-E6BD-4CE4-BD89-6F7B5AF2BDB1&displaylang=en

Microsoft Word 2000 and Microsoft Works Suite 2001:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D2BD626E-401B-4FC7-BBAC-2C6B6E66D984&displaylang=en

Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft 
Works Suite 2004:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B9B4E491-0B33-423A-8FEE-27059A29B604&displaylang=en

No restart is required.

For Excel, this update supercedes the security patches described in the MS01-050, MS02-031 
and MS02-059 bulletins.

For Word, this update supercedes the patches described in the MS02-021, MS02-031, MS02-059 
and MS03-035 bulletins.

See the Microsoft advisory for a list of workarounds and a description of installation 
options:

http://www.microsoft.com/technet/security/bulletin/MS03-050.asp



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC