Microsoft has announced in MS03-035 that an important flaw in Microsoft Word could allow macros to run automatically. The vulnerability affects:
- Microsoft Word, all versions
- Microsoft Works Suite, all versions
Further Details: Microsoft Security Bulletin MS03-035
A second vulnerability, this one also important, is a buffer overflow bug in one of the Office converters. It affects:
- Microsoft Office (all versions)
- Microsoft FrontPage (all versions)
- Microsoft Publisher (all versions)
- Microsoft Works Suite (all versions)
Further Details: Microsoft Security Bulletin MS03-036
Another security bulletin, MS03-037, announces a critical flaw in Visual Basic for Applications that could allow arbitrary code execution. The affected products are:
- Microsoft Access 97
- Microsoft Access 2000
- Microsoft Access 2002
- Microsoft Excel 97
- Microsoft Excel 2000
- Microsoft Excel 2002
- Microsoft PowerPoint 97
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2002
- Microsoft Project 2000
- Microsoft Project 2002
- Microsoft Publisher 2002
- Microsoft Visio 2000
- Microsoft Visio 2002
- Microsoft Word 97
- Microsoft Word 98(J)
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Business Solutions Great Plains 7.5
- Microsoft Business Solutions Dynamics 6.0
- Microsoft Business Solutions Dynamics 7.0
- Microsoft Business Solutions eEnterprise 6.0
- Microsoft Business Solutions eEnterprise 7.0
- Microsoft Business Solutions Solomon 4.5
- Microsoft Business Solutions Solomon 5.0
- Microsoft Business Solutions Solomon 5.5
Further Details: Microsoft Security Bulletin MS03-037
MS03-038 announces a buffer overflow vulnerability that may allow an attacker to run the code of their choice in Access. This flaw affects:
- Microsoft Access (all versions)
Further Details: Microsoft Security Bulletin MS03-038