Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution

A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host program. The flaw results in a buffer overrun which, if exploited successfully, could allow an attacker to execute code of their choice in the context of the logged-on user.

Affected software:
Visual Basic for Applications SDK 5.0, 6.0, 6.2, and 6.3
Office 97, 2000, and XP
Word 98 (J)
Visio® 2000 and 2002
Project 2000 and 2002
Publisher 2002
Works Suite 2001, 2002, and 2003
Business Solutions Great Plains® 7.5
Business Solutions Dynamics® 6.0 and 7.0
Business Solutions eEnterprise® 6.0 and 7.0
Business Solutions Solomon® 4.5, 5.0, and 5.5

Severity level: Critical

View: Microsoft Security Bulletin MS03-037 & download locations

View: Microsoft Knowledge Base Article - 822715