ISS X-Force Database: vba-document-bo(13092): Visual Basic for Applications (VBA) malformed document buffer overflow

Visual Basic for Applications (VBA) malformed document buffer overflow

vba-document-bo (13092)

High Risk

Description:

Visual Basic for Applications (VBA) is vulnerable to a buffer overflow, caused by improper bounds checking of user-supplied input. A remote attacker could create a specially-crafted document that supports VBA to overflow a buffer and execute arbitrary code on the system with privileges of the victim, once the document is opened. An attacker could exploit this vulnerability by hosting the malicious document on a Web page or by sending it to a victim in an email.

Note: A user would only need to reply to or forward the malicious document sent to them for this vulnerability to be exploited, if Microsoft Word is being used as the HTML email editor in Outlook, which is the default setting for Microsoft Office XP.

Consequences:

Gain Access

Remedy:

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

References:

BugTraq Mailing List, Wed Sep 03 2003 - 14:29:58 CDT : VBE Document Property Buffer Overflow.
CIAC Information Bulletin N-144: Microsoft Visual Basic Buffer Overrun Vulnerability.
Microsoft Security Bulletin MS03-037: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715).
Microsoft Security Bulletin MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645).
Microsoft Security Bulletin MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108).
Microsoft Security Bulletin MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029).
Microsoft Security Bulletin MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030).
Microsoft Security Bulletin MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207).
Microsoft Security Bulletin MS08-042: Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048).
Microsoft Security Bulletin MS08-043: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066).
Microsoft Security Bulletin MS08-051: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785).
Microsoft Security Bulletin MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593).
Microsoft Security Bulletin MS08-055: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (955047).
Microsoft Security Bulletin MS08-057: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416).
Microsoft Security Bulletin MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420).
Microsoft Security Bulletin MS09-017: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340).
Microsoft Security Bulletin MS09-021: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462).
Microsoft Security Bulletin MS09-062: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488).
Microsoft Security Bulletin MS09-067: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652).
Microsoft Security Bulletin MS10-003: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214).
Microsoft Security Bulletin MS10-004: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416).
Microsoft Security Bulletin MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150).
Microsoft Security Bulletin MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150).
Microsoft Security Bulletin MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094).
Microsoft Security Bulletin MS10-031: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213).
Microsoft Security Bulletin MS10-036: Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235.
Microsoft Security Bulletin MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452).
Microsoft Security Bulletin MS10-056: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638).
Microsoft Security Bulletin MS10-057: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707).
Microsoft Security Bulletin MS10-079: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194).
Microsoft Security Bulletin MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930).
Microsoft Security Bulletin MS10-105: Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095).
Microsoft Security Bulletin MS11-008: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879).
Microsoft Security Bulletin MS11-021: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279).
Microsoft Security Bulletin MS11-023: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293).
Microsoft Security Bulletin MS11-029: Vulnerability in GDI+ Could Allow Remote Code Execution (2489979).
Microsoft Security Bulletin MS11-045: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146).
Microsoft Security Bulletin MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893).
Microsoft Security Bulletin MS11-060: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978).
Microsoft Security Bulletin MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505).
Microsoft Security Bulletin MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505).
Microsoft Security Bulletin MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505).
Microsoft Security Bulletin MS11-096: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241).
Microsoft Security Bulletin MS11-096: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241).
Microsoft Security Bulletin MS11-096: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241).
Microsoft Security Bulletin MS12-028: Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185).
Microsoft Security Bulletin MS12-029: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352).
Microsoft Security Bulletin MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578).
Microsoft Security Bulletin MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960).
Microsoft Security Bulletin MS12-057: Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879).
Microsoft Security Bulletin MS12-064: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319).
Microsoft Security Bulletin MS12-064: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319).
Microsoft Security Bulletin MS12-065: Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670).
Microsoft Security Bulletin MS12-070: Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849).
Microsoft Security Bulletin MS12-079: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642).
Microsoft Security Bulletin MS12-079: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642).
Microsoft Security Bulletin MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution (2814124).
BID-8534: Microsoft Visual Basic For Applications Document Handling Buffer Overrun Vulnerability
CVE-2003-0347: Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
OSVDB ID: 12652: Microsoft Visual Basic for Applications (VBA) VBE.DLL and VBE6.DLL Long ID Overflow
SA9666: Microsoft Visual Basic for Applications Buffer Overflow
US-CERT VU#804780: Microsoft Visual Basic for Applications (VBA) does not adequately validate document properties

Platforms Affected:

Microsoft Access 2000
Microsoft Access 2002
Microsoft Access 97
Microsoft Business Solutions Dynamics 6.0
Microsoft Business Solutions Dynamics 7.0
Microsoft Business Solutions eEnterprise 6.0
Microsoft Business Solutions eEnterprise 7.0
Microsoft Business Solutions Great Plains 7.5
Microsoft Business Solutions Solomon 4.5
Microsoft Business Solutions Solomon 5.0
Microsoft Business Solutions Solomon 5.5
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 97
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft PowerPoint 97
Microsoft Project 2000
Microsoft Project 2002
Microsoft Publisher 2002
Microsoft Visio 2000
Microsoft Visio 2002
Microsoft Visual Basic 5.0
Microsoft Visual Basic 6.0
Microsoft Visual Basic 6.2
Microsoft Visual Basic 6.3
Microsoft Windows 2003 Server
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 97
Microsoft Word 98 ja
Microsoft Works 2001
Microsoft Works 2002
Microsoft Works 2003

Reported:

Sep 03, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page