[Am-info] Here we go again! Another MS vulnerability.
Fred A. Miller
fmiller@lightlink.com
Wed, 3 Sep 2003 23:37:58 -0400
Microsoft Word/Works Automated Macro Execution Vulnerability
SECUNIA ADVISORY ID:
SA9664
VERIFY ADVISORY:
http://www.secunia.com/advisories/9664/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Microsoft Works Suite 2003
Microsoft Office 2000
Microsoft Office 97
Microsoft Office XP
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 97
Microsoft Word 98(J)
Microsoft Works Suite 2001
Microsoft Works Suite 2002
DESCRIPTION:
A vulnerability has been reported in Microsoft Word and Works Suite,
which can be exploited by malicious people to execute arbitrary code
on a user's system automatically.
The vulnerability is caused due to an error when checking the
properties of modified documents thus making it possible to bypass
the macro security model designed to restrict potentially malicious
macros from executing on a user's system. This can be exploited by
constructing a specially crafted document with an embedded macro and
tricking a user into opening the document.
Successful exploitation allows execution of arbitrary commands on a
user's system with the user's privileges via macros.
SOLUTION:
Apply patches.
Office users can visit Office Update to install the patch:
http://www.office.microsoft.com/ProductUpdates/default.aspx
-- Microsoft Word 2002 (requires Office XP SP2) and Works 2002/2003 --
http://microsoft.com/downloads/details.aspx?FamilyId=7D3775FC-F424-4B04-ABEB-9B4CA1EB182D&displaylang=en
Administrative update only (requires Office XP SP1 or later):
http://www.microsoft.com/office/ork/xp/journ/wrd1006a.htm
-- Microsoft Word 2000 (requires Office SP3) and Works 2001 --
http://microsoft.com/downloads/details.aspx?FamilyId=4A8F6ACE-E14E-4978-A9C9-6989CD03A4A3&displaylang=en
Administrative update only:
http://www.microsoft.com/office/ork/xp/journ/wrd0903a.htm
-- Microsoft Word 97/Microsoft Word 98(J) --
See the following knowledge base article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827647
REPORTED BY / CREDITS:
Jim Bassett
ORIGINAL ADVISORY:
Security Bulletin MS03-035:
http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
OTHER REFERENCES:
Knowledge base article discussing the issue:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827653
--
"...Linux, MS-DOS, and Windows XP (also known as the Good, the Bad, and
the Ugly)."