Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

More Critical Vulnerability in M$ Office

  • 08-09-2003 7:54pm
    #1
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,581 Mod ✭✭✭✭


    http://www.openoffice.org/ is free and still has no major holes.


    Synopsis - Most versions of most recent M$ office applications can be convinced to auto-run almost anything - by opening an email or by clicking on a sneaky link..

    Also no patch for office 97 as yet...


    From:
    http://www.idg.com.sg/idgwww.nsf/unidlookup/3E5ABCD85FF4176E48256D98002B701B?OpenDocument

    A flaw exists in the way VBA..... potentially allowing an attacker to run code on a victim's computer, http://www.microsoft.com/technet/security/bulletin/MS03-037.asp
    This could be any document type that supports VBA, including ... Access, Excel, PowerPoint and Word in Microsoft Office 97, 2000 and XP/2002 as well as Word 98, Project 2000 and 2002, Publisher 2002, Visio 2000 and 2002, Works Suite 2001, 2002 and 2003 plus several Microsoft Business Solutions products...
    Also, if Word is used as the e-mail editor for Outlook, the default setting in Office XP/2002, an attacker could strike via e-mail. The attack would only be successful if the recipient forwards or replies to the e-mail message, Microsoft said. what about preview or printing ??


    a flaw in Word that could result in macros running automatically, instead of asking the user first or going by the level of macro security a user has set, http://www.microsoft.com/technet/security/bulletin/MS03-035.asp

    The flaw affects Word versions 97, 98, 2000 and XP/2002 as well as the Works Suite versions 2001, 2002 and 2003,


    Also important is a buffer overrun vulnerability in the WordPerfect Converter that is part of Office 97, 2000 and XP/2002 as well as Word 98, FrontPage 2000 and 2002, Publisher 2000 and 2002 and the Works Suite versions 2001, 2002 and 2003, http://www.microsoft.com/technet/security/bulletin/MS03-036.asp - an attacker could craft a special WordPerfect document that would allow code to run on a computer when opened with an application that uses the converter


    Access Snapshot Viewer, a tool used to view Access databases without Access http://www.microsoft.com/technet/security/bulletin/MS03-038.asp
    Access Snapshot Viewer comes as part of all versions of Office, but is not installed by default. It is also offered online so users who do not have Access can still view Access databases,
    The flaw lies in an ActiveX control used by the viewer. To exploit the flaw, an attacker would have to lure a user to a Web page containing special code.


Advertisement