Microsoft KB Archive/822715

= MS03-037: Flaw in Visual Basic for Applications could allow arbitrary code execution =

Article ID: 822715

Article Last Modified on 12/4/2007

-

APPLIES TO

 Microsoft Visual Basic for Applications (VBA) Software Development Kit (SDK) 5.0 Microsoft Visual Basic for Applications (VBA) Software Development Kit (SDK) 6.0 Microsoft Visual Basic for Applications (VBA) Software Development Kit (SDK) 6.1 Microsoft Access 97 Standard Edition Microsoft Access 2000 Standard Edition Microsoft Access 2002 Standard Edition Microsoft Excel 2000 Standard Edition Microsoft Excel 2002 Standard Edition</li> Microsoft Excel 97 Standard Edition</li> Microsoft PowerPoint 2000 Standard Edition</li> Microsoft PowerPoint 2002 Standard Edition</li> Microsoft PowerPoint 97 Standard Edition</li> Microsoft Project 2000 Standard Edition</li> Microsoft Project 2002 Standard Edition</li> Microsoft Publisher 2002 Standard Edition</li> Microsoft Visio 2000 Enterprise Edition</li> Microsoft Visio 2000 Professional Edition</li> Microsoft Visio 2000 Standard Edition</li> Microsoft Visio 2000 Technical Edition</li> Microsoft Visio 2002 Professional Edition</li> Microsoft Visio 2002 Standard Edition</li> Microsoft Word 2000 Standard Edition</li> Microsoft Word 2002 Standard Edition</li> Microsoft Word 97 Standard Edition</li> <li>Microsoft Word 98 Standard Edition</li> <li>Microsoft Works Suite 2001</li> <li>Microsoft Works Suite 2002</li> <li>Microsoft Works Suite 2003</li> <li>Microsoft Office 2000 Premium Edition</li> <li>Microsoft Office 2000 Professional Edition</li> <li>Microsoft Office 2000 Standard Edition</li> <li>Microsoft Office XP Professional Edition</li> <li>Microsoft Office XP Standard Edition</li> <li>Microsoft Business Solutions–Great Plains Human Resources, when used with: <ul> <li>Great Plains Dynamics 6.0</li></ul>

<ul> <li>Great Plains eEnterprise 6.0</li></ul> </li> <li>Microsoft Great Plains Dynamics 7.0</li> <li>Microsoft Great Plains eEnterprise 7.0</li> <li>Microsoft Business Solutions–Great Plains 7.5</li> <li>Microsoft Business Solutions-Solomon 4.5</li> <li>Microsoft Great Plains Solomon IV 5.0</li></ul>

-

<div class="notice_section">

<div class="notice_section">

The information in this article affects the products that are listed in the &quot;Applies To&quot; section of this article.

<div class="symptoms_section">

SYMPTOMS
Microsoft Visual Basic for Applications (VBA) is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and use it to perform certain functions. You can use VBA to build customized programs that are based on an existing host program.

A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host program. A buffer overrun exists which, if exploited successfully, could allow an attacker to execute code of their choice in the context of the logged on user.

For an attack to be successful, the logged on user would have to open a specially crafted document that was sent to them by an attacker. This document could be any type of document that supports VBA, such as a Microsoft Word document, a Microsoft Excel spreadsheet, or a Microsoft PowerPoint presentation. If Word is being used as the HTML e-mail editor for Microsoft Outlook, this document could be an e-mail message. However, the logged on user must reply to or forward the malicious e-mail message for the vulnerability to be exploited.

Mitigating factors
 * Logged-on users must open a document that is sent to them by an attacker for this vulnerability to be exploited.
 * If Word is being used as the HTML e-mail editor in Outlook, users must reply to or forward a malicious e-mail message that was sent to them by the attacker for this vulnerability to be exploited.
 * An attacker's code could only run with the same rights as the logged-on user. The specific privileges that the attacker could gain through this vulnerability would therefore depend on the privileges that are granted to the user who is logged on. Any limitations on the account of the user who is logged on, such as those applied through Group Policies, would also limit the actions of any arbitrary code that is executed by this vulnerability.

<div class="resolution_section">

Download and installation information
If you are using any of the following programs, you should apply the VBA version of this patch:
 * Microsoft VBA 5.0
 * Microsoft VBA 6.0
 * Microsoft VBA 6.2
 * Microsoft VBA 6.3
 * Microsoft Access 97
 * Microsoft Excel 97
 * Microsoft PowerPoint 97
 * Microsoft Word 97
 * Microsoft Word 98(J)
 * Microsoft Works 2001
 * Microsoft Works 2002
 * Microsoft Works Suite 2003
 * Microsoft Business Solutions Great Plains 7.5
 * Microsoft Business Solutions Great Plains 7.0
 * Microsoft Business Solutions Great Plains 6.0
 * Microsoft Business Solutions Solomon IV 4.5
 * Microsoft Business Solutions Solomon IV 5.0
 * Microsoft Business Solutions Solomon IV 5.5

For more information about the Microsoft VBA patch, click the following article number to view the article in the Microsoft Knowledge Base:

822150 Availability of the Microsoft VBA security update for MS03-037

If you are using any of the following programs, you should apply the specific version of the patch for those products.
 * Microsoft Project 2000
 * Microsoft Project 2002
 * Microsoft Visio 2002

For more information about these security patches, click the following article numbers to view the articles in the Microsoft Knowledge Base:

822211 Description of the Microsoft Project 2002 security patch: September 3, 2003

822212 Description of the Visio 2002 security patch: September 3, 2003

If you are using any of the following programs, you should apply the specific version of the patch for those products.
 * Microsoft Office 2000
 * Microsoft Office XP (including Microsoft Publisher 2002)

For more information about these security patches, click the following article numbers to view the articles in the Microsoft Knowledge Base:

822036 Description of the Office XP security patch: September 3, 2003

822035 Description of the Office 2000 security patch: September 3, 2003

Removal information
You cannot remove this patch.

Patch replacement information
This patch does not replace any other hotfixes.

<div class="references_section">