If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)

Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

More Critical Vulnerability in M$ Office

Capt'n Midnight · 2003-09-08 19:54:37

http://www.openoffice.org/ is free and still has no major holes. Synopsis - Most versions of most recent M$ office applications can be convinced to auto-run almost anything - by opening an email or by clicking on a sneaky link.. Also no patch for office 97 as yet... From:…

Options

08-09-2003 8:54pm

#1

Capt'n Midnight

Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 91,761 Mod ✭✭✭✭

Join Date: March 2003

Posts: 89999

http://www.openoffice.org/ is free and still has no major holes.

Synopsis - Most versions of most recent M$ office applications can be convinced to auto-run almost anything - by opening an email or by clicking on a sneaky link..

Also no patch for office 97 as yet...

From:
http://www.idg.com.sg/idgwww.nsf/unidlookup/3E5ABCD85FF4176E48256D98002B701B?OpenDocument

A flaw exists in the way VBA..... potentially allowing an attacker to run code on a victim's computer, http://www.microsoft.com/technet/security/bulletin/MS03-037.asp
This could be any document type that supports VBA, including ... Access, Excel, PowerPoint and Word in Microsoft Office 97, 2000 and XP/2002 as well as Word 98, Project 2000 and 2002, Publisher 2002, Visio 2000 and 2002, Works Suite 2001, 2002 and 2003 plus several Microsoft Business Solutions products...
Also, if Word is used as the e-mail editor for Outlook, the default setting in Office XP/2002, an attacker could strike via e-mail. The attack would only be successful if the recipient forwards or replies to the e-mail message, Microsoft said. what about preview or printing ??

a flaw in Word that could result in macros running automatically, instead of asking the user first or going by the level of macro security a user has set, http://www.microsoft.com/technet/security/bulletin/MS03-035.asp

The flaw affects Word versions 97, 98, 2000 and XP/2002 as well as the Works Suite versions 2001, 2002 and 2003,

Also important is a buffer overrun vulnerability in the WordPerfect Converter that is part of Office 97, 2000 and XP/2002 as well as Word 98, FrontPage 2000 and 2002, Publisher 2000 and 2002 and the Works Suite versions 2001, 2002 and 2003, http://www.microsoft.com/technet/security/bulletin/MS03-036.asp - an attacker could craft a special WordPerfect document that would allow code to run on a computer when opened with an application that uses the converter

Access Snapshot Viewer, a tool used to view Access databases without Access http://www.microsoft.com/technet/security/bulletin/MS03-038.asp
Access Snapshot Viewer comes as part of all versions of Office, but is not installed by default. It is also offered online so users who do not have Access can still view Access databases,
The flaw lies in an ActiveX control used by the viewer. To exploit the flaw, an attacker would have to lure a user to a Web page containing special code.

0