Press CTRL-D to bookmark us
Welcome Guest Login / Register / Members
Search in  
Top Submit newsSubscribe
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
 

 Sponsored links

Want to become one of our authors and see your work published on ALLSeek.iNFO ?
 
 Microsoft Word Macro Name Length Buffer Overflow Lets Remote Users Execute Arbitrary Code
Categorie: Vulnerability
Posted: 2003-11-12 by ReCall
Views: 356
Source: Click here
 		Current Rating: Not rated
Poor Best
 Details
Description: A buffer overflow vulnerability was reported in Microsoft Word in the processing of macros. A remote user can create a malicious document that, when opened by the target user, will execute arbitrary code with the privileges of the target user.

It is reported that Word does not properly validate the length of macro names embedded within a Word document.

Microsoft Works Suite includes Microsoft Word and, therefore, is also affected [a separate Alert has been issued for Microsoft Works].

Microsoft reports that Word 2003 is not affected.

Impact: A remote user can create a document that, when opened, will execute arbitrary code on the target user's system. The code
will run with the privileges of the target user.

Solution: Microsoft has issued the following fixes:


Microsoft Word 97:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5261EF7F-CC89-403C-949F-5F423E68C7AF&displaylang=en

Microsoft Word 98(J):

http://www.microsoft.com/downloads/details.aspx?FamilyId=75B9C39D-E6BD-4CE4-BD89-6F7B5AF2BDB1&displaylang=en

Microsoft Word 2000 and Microsoft Works Suite 2001:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D2BD626E-401B-4FC7-BBAC-2C6B6E66D984&displaylang=en

Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B9B4E491-0B 33-423A-8FEE-27059A29B604&displaylang=en

No restart is required.

This update supercedes the patches described in the MS02-021, MS02-031, MS02-059 and MS03-035 bulletins.

See the Microsoft advisory for a list of workarounds and a description of installation options:

http://www.microsoft.com/technet/security/bulletin/MS03-050.asp
 
Syndication
Permalink Email this

The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=531

User comments (post your comments here)

Only registerd members can post comments and articles
 
Previous articleBack to news listNext article
 


InterJOB.su
Bookmark us | Set As Homepage | Advertising | Contact Us | Recomend us | Link us | Links | Terms

SpyLOG Page Rank Checker
LAST QUERIES