| VID |
28052 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (827653) for the 'Macro to Run Automatically' vulnerability due to a flaw in Microsoft Word has not been applied. Microsoft Word supports macros, which are a series of commands and instructions that can be grouped together as a single command to accomplish a task automatically. Since macros are executable code, it is possible to misuse them, so Microsoft Word has a security model designed to validate whether a macro should be allowed to execute, depending on the level of macro security the user has chosen. However, Microsoft Word has a vulnerability that allows the macro security checks to be bypassed under certain circumstances, because macro security is improperly checked when a document is opened. To exploit this vulnerability, a remote attacker creates a malicious document that could allow a macro to run automatically and then persuades a user to open the specially crafted document. This can allow an attacker to take any action on the system that the user can take, including adding, changing, or deleting data, running other programs, or formatting the hard disk.
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If this condition is not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/ms03-035.asp
* Software Affected: Microsoft Word 97, Microsoft Word 98 (J), Microsoft Word 2000, Microsoft Word 2002, Microsoft Works Suite 2001, Microsoft Works Suite 2002, Microsoft Works Suite 2003 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-035 at http://www.microsoft.com/technet/security/bulletin/ms03-035.asp
1. Open the following page:
   For Microsoft Word 2002:
   http://microsoft.com/downloads/details.aspx?FamilyId=7D3775FC-F424-4B04-ABEB-9B4CA1EB182D&displaylang=en
   http://www.microsoft.com/office/ork/xp/journ/wrd1006a.htm (Administrative update only)
   For Microsoft Word 2000:
   http://microsoft.com/downloads/details.aspx?FamilyId=4A8F6ACE-E14E-4978-A9C9-6989CD03A4A3&displaylang=en
   http://www.microsoft.com/office/ork/xp/journ/wrd0903a.htm (Administrative update only)
2. Select a different language from the drop-down list and click the <Go> button.
3. Click the <Download> button to download this patch file.
4. Run this file to install the patch.
For Microsoft Word 97 and Microsoft Word 98 (J), information on receiving support is available at http://support.microsoft.com/default.aspx?scid=kb;en-us;827647
-- OR --
You can delete and install this security patch from Office Update at http://www.office.microsoft.com/ProductUpdates/default.aspx |
| Related URL |
CVE-2003-0111 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|