===================================================================== CERT-Renater Note d'Information No. 2006/VULN439 _____________________________________________________________________ DATE : 09/08/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Microsoft Office 2000 et XP; Microsoft Project 2000 et 2002; Microsoft Access 2000; Microsoft Visio 2002; Microsoft Works 2004, 2005 et 2006; Microsoft Visual Basic SDK 6.X ====================================================================== MS06-047 - Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) - Affected Software: - Microsoft Office 2000 Service Pack 3 - Microsoft Project 2000 Service Release 1 - Microsoft Access 2000 Runtime Service Pack 3 - Microsoft Office XP Service Pack 3 - Microsoft Project 2002 Service Pack 1 - Microsoft Visio 2002 Service Pack 2 - Microsoft Works Suite 2004, 2005, 2006 - Microsoft Visual Basic for Applications SDK 6.0, 6.2, 6.3, 6.4 - Impact: Remote Code Execution - Version Number: 1.0 - - From the Microsoft Security Bulletin MS05-047: Visual Basic for Applications Vulnerability - CVE-2006-3649 A remote code execution vulnerability exists in the way that Visual Basic for Applications (VBA) checks the document properties that a host application passes to it when opening a document. This vulnerability could allow an attacker who successfully exploited the vulnerability to take complete control of the affected system. ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================