Microsoft Word Macro Name Overflow

2003-10-16T07:40:33
ID OSVDB:2751
Type osvdb
Reporter OSVDB
Modified 2003-10-16T07:40:33

Description

Vulnerability Description

A remote overflow exists in Microsoft Word as an attacker can create a Word document containing a long macro name. This would overflow a buffer and allow the attacker to execute arbitrary code on the system, change data or security settings, once the victim opens the document. An attacker could exploit this vulnerability by creating a malicious Web page or by sending it to a victim as an HTML email.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Microsoft Word as an attacker can create a Word document containing a long macro name. This would overflow a buffer and allow the attacker to execute arbitrary code on the system, change data or security settings, once the victim opens the document. An attacker could exploit this vulnerability by creating a malicious Web page or by sending it to a victim as an HTML email.

References:

Vendor Specific Solution URL: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Bulletin/MS03-050.asp Secunia Advisory ID:10020 Other Advisory URL: http://www.security.nnov.ru/search/document.asp?docid=5243 Microsoft Security Bulletin: MS03-050