TITLE: Microsoft Visual Basic for Applications Buffer Overflow SECUNIA ADVISORY ID: SA21408
VERIFY ADVISORY: http://secunia.com/advisories/21408/ CRITICAL: Extremely critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Works Suite 2006 http://secunia.com/product/8712/ Microsoft Works Suite 2005 http://secunia.com/product/8711/ Microsoft Works Suite 2004 http://secunia.com/product/3897/ Microsoft Visual Basic for Applications SDK 6.x http://secunia.com/product/2148/ Microsoft Visio 2002 http://secunia.com/product/1091/ Microsoft Project 2002 http://secunia.com/product/157/ Microsoft Project 2000 http://secunia.com/product/158/ Microsoft Office XP http://secunia.com/product/23/ Microsoft Office 2000 http://secunia.com/product/24/ Microsoft Access 2000 http://secunia.com/product/36/ DESCRIPTION: A vulnerability has been reported in Microsoft Visual Basic for Applications, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the way document properties are passed from a host application when opening a document and can be exploited to cause a buffer overflow. Successful exploitation allows execution of arbitrary code when a user e.g. opens a specially crafted Office document or visits a malicious website. NOTE: According to the vendor, the vulnerability is being actively exploited in the wild. SOLUTION: Apply patches. Microsoft Office 2000 SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=837A4FA9-FABC-4119-9AAF-2C8663029D2B Microsoft Project 2000 SR1: http://www.microsoft.com/downloads/details.aspx?FamilyId=744DD25D-B9A7-4E30-B64E-1C9BB0F87D90 Microsoft Access 2000 Runtime SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=ED5A8C40-C592-4299-AFB2-5F0F6E2B1DCD Microsoft Office XP SP3: http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Project 2002 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=62EF50AA-6061-4185-9713-F8C31B195103 Microsoft Visio 2002 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=43525B6A-58B7-49C7-88D8-4983D1614A96 Microsoft Works Suite 2004: http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Works Suite 2005: http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Works Suite 2006: http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C Microsoft Visual Basic for Applications SDK 6.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 Microsoft Visual Basic for Applications SDK 6.2: http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 Microsoft Visual Basic for Applications SDK 6.3: http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 Microsoft Visual Basic for Applications SDK 6.4: http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3 ORIGINAL ADVISORY: MS06-047 (KB921645): http://www.microsoft.com/technet/security/Bulletin/MS06-047.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
