Microsoft Patches Five Security Flaws

[InfoSec News <isn () c4i org>]

Forwarded from: Marjorie Simmons <lawyer () carpereslegalis com>

http://www.betanews.com/print.php3?sid=1062663635

September 4th, 2003
By: David Worthington
BetaNews

Microsoft on Wednesday let loose a slew of security bulletins, the
worst of the bunch affecting Office users. Of the five flaws, only one
was deemed "critical." It allows a buffer overflow in the Visual Basic
for Applications Software Development Kit, leaving 29 products
vulnerable including the software giant's aligned productivity
solution Microsoft Works.

Two other flaws are labeled "important." The first deals with
Microsoft's WordPerfect document converter built into all supported
versions of FrontPage, Office, Publisher and Works, while the second
allows a Macro to run automatically without user intervention.

Office 2003 is not at risk from any of the vulnerabilities.

A less severe "moderate" bulletin warns of a potential buffer overflow
in the Access Snapshot Viewer.

Finally, a "low" risk assessment is placed on a NETBIOS issue that
could allow a malicious user to view data on a target machine. Every
NT based version of Windows from 4.0 to Windows Server 2003 is
affected. However, both Windows XP and Windows Server 2003 are
shielded by the Internet Connection Firewall found in each operating
system.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.