TITLE:
Microsoft Visual Basic for Applications Buffer Overflow

SECUNIA ADVISORY ID:
SA21408

VERIFY ADVISORY:
http://secunia.com/advisories/21408/

CRITICAL:
Extremely critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Works Suite 2006
http://secunia.com/product/8712/
Microsoft Works Suite 2005
http://secunia.com/product/8711/
Microsoft Works Suite 2004
http://secunia.com/product/3897/
Microsoft Visual Basic for Applications SDK 6.x
http://secunia.com/product/2148/
Microsoft Visio 2002
http://secunia.com/product/1091/
Microsoft Project 2002
http://secunia.com/product/157/
Microsoft Project 2000
http://secunia.com/product/158/
Microsoft Office XP
http://secunia.com/product/23/
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Access 2000
http://secunia.com/product/36/

DESCRIPTION:
A vulnerability has been reported in Microsoft Visual Basic for
Applications, which can be exploited by malicious people to
compromise a user's system.

The vulnerability is caused due to a boundary error in the way
document properties are passed from a host application when opening a
document and can be exploited to cause a buffer overflow.

Successful exploitation allows execution of arbitrary code when a
user e.g. opens a specially crafted Office document or visits a
malicious website.

NOTE: According to the vendor, the vulnerability is being actively
exploited in the wild.

SOLUTION:
Apply patches.

Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=837A4FA9-FABC-4119-9AAF-2C8663029D2B

Microsoft Project 2000 SR1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=744DD25D-B9A7-4E30-B64E-1C9BB0F87D90

Microsoft Access 2000 Runtime SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ED5A8C40-C592-4299-AFB2-5F0F6E2B1DCD

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

Microsoft Project 2002 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=62EF50AA-6061-4185-9713-F8C31B195103

Microsoft Visio 2002 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=43525B6A-58B7-49C7-88D8-4983D1614A96

Microsoft Works Suite 2004:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

Microsoft Works Suite 2005:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

Microsoft Works Suite 2006:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

Microsoft Visual Basic for Applications SDK 6.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3

Microsoft Visual Basic for Applications SDK 6.2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3

Microsoft Visual Basic for Applications SDK 6.3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3

Microsoft Visual Basic for Applications SDK 6.4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ka Chun Leung, Symantec.

ORIGINAL ADVISORY:
MS06-047 (KB921645):
http://www.microsoft.com/technet/security/Bulletin/MS06-047.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------