11.12.2003 - MS03-050: Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)
A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. If an affected spreadsheet was opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which the macro security is set. The malicious macro could then take the same actions that the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.
A security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to to the way Word checks the length of a data value (Macro names) embedded in a document. If a specially crafted document were to be opened it could overflow a data value in Word and allow arbitrary code to be executed. If successfully exploited, an attacker could then take the same actions as the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.
- Download Excel 97 Patch
- Download Excel 2000 Patch
- Download Excel 2002 Patch
- Download Word 97 Patch
- Download Word 98(J) Patch
- Download Word 2000 and Works Suite 2001 Patch
- Download Word 2002, Works Suite 2002, Works Suite 2003, and Works Suite 2004 Patch
- View Microsoft Knowledge Base Article - 831527
- View Microsoft Security Bulletin
- View Microsoft End User Security Bulletin
- Visit Microsoft Corporation