Microsoft Visual Basic for Applications Remote Code Execution Vulnerability (MS06-047)

Technical Description



A vulnerability has been identified in Visual Basic for Applications(VBA), which could be exploited by remote attackers to take completecontrol of an affected system. This flaw is due to a buffer overflowerror when handling malformed document properties, which could beexploited by remote attackers to execute arbitrary commands by trickinga user into opening a malicious document (e.g. Word document or Excelspreadsheet).



Affected Products



Microsoft Office 2000 Service Pack 3

Microsoft Project 2000 Service Release 1

Microsoft Access 2000 Runtime Service Pack 3

Microsoft Office XP Service Pack 3

Microsoft Project 2002 Service Pack 1

Microsoft Visio 2002 Service Pack 2

Microsoft Works Suite 2004

Microsoft Works Suite 2005

Microsoft Works Suite 2006

Microsoft Visual Basic for Applications SDK 6.0

Microsoft Visual Basic for Applications SDK 6.2

Microsoft Visual Basic for Applications SDK 6.3

Microsoft Visual Basic for Applications SDK 6.4



Solution



Apply patches :

http://www.microsoft.com/technet/security/Bulletin/MS06-047.mspx