Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Arbitrary Code Execution Vulnerability in Microsoft Visual Basic for Applications
A vulnerability in Visual Basic for Applications can result in the execution of arbitrary code on the vulnerable system.
Ken Pfeil
September 2, 2003
2 Min Read
Reported September 3, 2003, by Microsoft.
VERSIONS AFFECTED
Microsoft Visual Basic for Applications (VBA) SDK 6.3, 6.2, 6.0, and 5.0
Microsoft Access 2002, 2000, and 97
Microsoft Excel 2002, 2000, and 97
Microsoft PowerPoint 2002, 2000, and 97
Microsoft Project 2002 and 2000
Microsoft Publisher 2002
Microsoft Visio 2002 and 2000
Microsoft Word 2002, 2000, 98, and 97
Microsoft Works Suite 2003, 2002, and 2001
Microsoft Business Solutions Great Plains 7.5
Microsoft Business Solutions Dynamics 7.0 and 6.0
Microsoft Business Solutions eEnterprise 7.0 and 6.0
Microsoft Business Solutions Solomon 5.5, 5.0, and 4.5
DESCRIPTION
A vulnerability in Visual Basic for Applications can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way Microsoft Visual Basic for Applications (VBA) checks document properties passed to it when the host application opens a document. The resulting buffer overrun can permit an attacker to execute code of his or her choice under the logged-on user's security context.
VENDOR RESPONSE
Microsoft has released Security BulletinMS03-037, "Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
CREDIT
Discovered byeEye Digital Security.
Read more about:
MicrosoftAbout the Author(s)
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
.jpg?width=700&auto=webp&quality=80&disable=upscale)
