VID 28064
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Microsoft Word or Excel installed on the system has a flaw that allows arbitrary code to be run. The following security vulnerabilities exist in Microsoft Word and Excel and could allow malicious code execution:

1. The vulnerability in Microsoft Excel exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. An attacker could craft a malicious file that bypasses the macro security model. If an affected spreadsheet were opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which macro security is set.
2. The vulnerability in Microsoft Word exists because of the way Word checks the length of a data value (macro names) embedded in a document. If a specially crafted document were opened, it could overflow a data value in Word and allow arbitrary code to be executed.

An attacker could exploit these vulnerabilities by creating a malicious Web page and hosting it on a Web site, or by sending it to a victim as an HTML email. If successfully exploited, the attacker could then take any action the user has permission to carry out, such as adding, changing or deleting data or files, communicating with a web site, or formatting the hard drive.

* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, which produces a false negative for all vulnerable hosts.

* References:
http://www.microsoft.com/technet/security/bulletin/ms03-050.asp
http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html

* Platforms Affected:
Microsoft Excel 97, 2000, 2002
Microsoft Word 97, 98(J), 2000, 2002
Microsoft Works Suite 2001, 2002, 2003, 2004
Windows Any version
Recommendation Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-050 at http://www.microsoft.com/technet/security/bulletin/MS03-050.asp

1. Open the page for your product:
For Microsoft Excel 97:
http://www.microsoft.com/downloads/details.aspx?FamilyId=927F8F0C-DB5A-4601-A628-2C3A1ED5D51B
For Microsoft Excel 2000:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9904B2A6-0CF0-4CF2-AAE0-062BDD7417D5
For Microsoft Excel 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FAB7259D-80B2-40E6-A235-581617287560
For Microsoft Word 97:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5261EF7F-CC89-403C-949F-5F423E68C7AF
For Microsoft Word 98(J):
http://www.microsoft.com/downloads/details.aspx?FamilyId=75B9C39D-E6BD-4CE4-BD89-6F7B5AF2BDB1
For Microsoft Word 2000 and Microsoft Works Suite 2001:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D2BD626E-401B-4FC7-BBAC-2C6B6E66D984
For Microsoft Word 2002, Microsoft Works Suite 2002, 2003 and 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B9B4E491-0B33-423A-8FEE-27059A29B604
2. Select a different language from the drop-down list and click the <Go> button.
3. Click the <Download> button to download the patch file.

* Verifying patch installation:
Excel 97 for Windows:
Verify that the version number of excel.exe is 8.0.1.9904.
Excel 2000 for Windows:
Verify that the version number of excel.exe is 9.0.08216.
Excel 2002 for Windows:
Verify that the version number of excel.exe is 10.0.5815.0.
Word 97 for Windows:
Verify that the version number of winword.exe is 8.0.0.9315.
Word 98(J) for Windows:
Verify that the version number of winword.exe is 8.0.0.9716.
Word 2000 for Windows:
Verify that the version number of winword.exe is 9.0.0.8216.
Word 2002 for Windows:
Verify that the version number of winword.exe is 10.0.5815.0.
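
The version comparison above can be automated over an inventory of file versions. The following is an added example, not part of the original check: the inventory rows, host names and the `classify` and `needs_action` helpers are constructed for illustration, and it assumes a version equal to or higher than the listed one indicates the patch is present. Hosts whose version could not be read are reported separately, since the note above says an unperformed check yields a false negative.

```python
# Fixed file versions, copied from the "Verifying patch installation" list.
# Excel 2000 is left out: its listed value (9.0.08216) has three components
# and cannot be compared with a four-part file version.
FIXED = {
    "Excel 97":   ("excel.exe",   "8.0.1.9904"),
    "Excel 2002": ("excel.exe",   "10.0.5815.0"),
    "Word 97":    ("winword.exe", "8.0.0.9315"),
    "Word 98(J)": ("winword.exe", "8.0.0.9716"),
    "Word 2000":  ("winword.exe", "9.0.0.8216"),
    "Word 2002":  ("winword.exe", "10.0.5815.0"),
}

def parse(version):
    """'9.0.0.8216' -> (9, 0, 0, 8216); raises ValueError on bad input."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(version)
    return parts

def classify(product, file_version):
    """Return PATCHED, VULNERABLE or NOT_CHECKED for one inventory row."""
    if product not in FIXED or not file_version:
        return "NOT_CHECKED"   # no credentialed read: not evidence of a patch
    try:
        observed = parse(file_version)
    except ValueError:
        return "NOT_CHECKED"
    # Assumption: a version at or above the listed one means the fix is present.
    return "PATCHED" if observed >= parse(FIXED[product][1]) else "VULNERABLE"

def needs_action(inventory):
    """Hosts that are vulnerable or could not be checked."""
    return sorted({h for h, p, v in inventory if classify(p, v) != "PATCHED"})

# Constructed sample inventory: (host, product, file version read from disk).
SAMPLE = [
    ("ws-01", "Word 2000",  "9.0.0.8216"),
    ("ws-02", "Word 2000",  "9.0.0.6926"),
    ("ws-03", "Excel 97",   None),            # admin logon failed
    ("ws-04", "Excel 2002", "10.0.6501.0"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE:
        print(host, product, classify(product, version))
```
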
Related URL CVE-2002-0616,CVE-2002-0617,CVE-2002-0618,CVE-2002-0619 (CVE)
Related URL 4821 (SecurityFocus)
Related URL (ISS)