Alert: Microsoft Security Bulletin MS03-050 - Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 11/11/03

  • Next message: Russ: "Alert: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)" 
    Date:         Tue, 11 Nov 2003 16:55:45 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Microsoft Security Bulletin MS03-050:
    Vulnerability in Microsoft Word and Microsoft Excel Could Allow
    Arbitrary Code to Run (831527)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-050.asp

    Summary:
     Version Number: V1.0
     Revision Date: 11-11-2003
     Impact of Vulnerability: Run code of attackers choice
     Maximum Severity Rating: Important
     Patch(es) Replaced:

     * Excel: This patch replaces the security patches contained in the
    following bulletins: MS01-050, MS02-031 and MS02-059.
     * Word: This patch replaces the security patches contained in the
    following bulletins: MS02-021,MS02-031, MS02-059 and MS03-035.

     Caveats: None
     CVE Number(s): CAN-2003-0820,CAN-2003-0821

    Tested Software:
     Affected Software:
     * Microsoft Excel 97
    <http://www.ntbugtraq.com/link/927F8F0C-DB5A-4601-A628-2C3A1ED5D51B.asp>
     * Microsoft Excel 2000
    <http://www.ntbugtraq.com/link/9904B2A6-0CF0-4CF2-AAE0-062BDD7417D5.asp>
     * Microsoft Excel 2002
    <http://www.ntbugtraq.com/link/FAB7259D-80B2-40E6-A235-581617287560.asp>
     * Microsoft Word 97
    <http://www.ntbugtraq.com/link/5261EF7F-CC89-403C-949F-5F423E68C7AF.asp>
     * Microsoft Word 98(J)
    <http://www.ntbugtraq.com/link/75B9C39D-E6BD-4CE4-BD89-6F7B5AF2BDB1.asp>
     * Microsoft Word 2000 and Microsoft Works Suite 2001
    <http://www.ntbugtraq.com/link/D2BD626E-401B-4FC7-BBAC-2C6B6E66D984.asp>
     * Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works
    Suite 2003, and Microsoft Works Suite 2004
    <http://www.ntbugtraq.com/link/B9B4E491-0B33-423A-8FEE-27059A29B604.asp>

     Software Not Affected:
     * Microsoft Office Word 2003
     * Microsoft Office Excel 2003

    Technical Description:

    A security vulnerability exists in Microsoft Excel that could allow
    malicious code execution. This vulnerability exists because of the
    method Excel uses to check the spread*** before reading the macro
    instructions. If successfully exploited, an attacker could craft a
    malicious file that could bypass the macro security model. If an
    affected spread*** was opened, this vulnerability could allow a
    malicious macro embedded in the file to be executed automatically,
    regardless of the level at which the macro security is set. The
    malicious macro could then take the same actions that the user had
    permissions to carry out, such as adding, changing or deleting data or
    files, communicating with a web site or formatting the hard drive.

    A security vulnerability exists in Microsoft Word that could allow
    malicious code execution. This vulnerability exists due to to the way
    Word checks the length of a data value (Macro names) embedded in a
    document. If a specially crafted document were to be opened it could
    overflow a data value in Word and allow arbitrary code to be executed.
    If successfully exploited, an attacker could then take the same actions
    as the user had permissions to carry out, such as adding, changing or
    deleting data or files, communicating with a web site or formatting the
    hard drive.

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v2.0)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor 

    ----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----
  • Next message: Russ: "Alert: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)"