Microsoft Visual Basic for Applications (VBA) contains a buffer overflow when validating document properties. This vulnerability could allow an attacker to execute arbitrary code with the privileges of the user running VBA.
From Microsoft Security Bulletin MS03-037:
Microsoft VBA is a development technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft VBA is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and make use of VBA to perform certain functions. VBA can also be used to build customized applications based around an existing host application.
By convincing a victim to open a specially crafted document, an attacker could execute arbitrary code with the privileges of the victim.
Microsoft credits eEye Digital Security with discovering and reporting this vulnerability. Information used in this document came from Microsoft and eEye Digital Security.
This document was written by Art Manion.
Date First Published: 2003-09-15
Date Last Updated: 2003-09-15 17:05 UTC