MS03-035

[<mars577986 () hotmail com>]

Greetings all:

I am working on trying to learn more about this exploit for a networking class at school. Has anyone been able to 
develop a successful exploit for this vulnerability? As usual the Microsoft security bulletin was extremely vague in 
terms of actual technical details regarding this vulnerability but I can't really say that I blame them.

What I am most interested in is, Jim Basset says that he noticed all documents developed from an "unusual template" as 
he put it were able to bypass macro security. Does this mean that the bypass only occurs if the template and malicious 
document were on the same system? To my meager intellect, it would appear as such.

If it helps, I had filemon open while I tried to apply the patch and noticed that the most obvious thing that was being 
written to was in fact winword.exe itself. I would then venture that this is where the problem lies, the darn thing is 
at least 8 MB in size.

Oh well, perhaps one of you folks knows some more about this.

mars