[luau] Vulnerabilities in MS Office
Hawaii Linux Institute
wp at HawaiiLinux.us
Fri Sep 5 07:14:01 PDT 2003
*Most Linux developers don't pay much attention to Microsoft
applications products. However, recent reports have re-confirmed what
we WordPerfect users have known all along--i.e., Microsoft Office is a
very unsafe product:
The following is an example of the recent report:
"Microsoft issued another flock of security alerts Wednesday, including
notice of a "critical" flaw that affects many of its Office applications.*
"The most serious flaw, in the Visual Basic for Applications (VBA)
software, could allow an attacker to gain control of a vulnerable PC.
VBA is used to develop desktop applications that tie into other
Microsoft products.
"As detailed in Microsoft's security bulletin
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-037.asp>,
a malicious user could create a document with a VBA application that's
designed to overflow the buffer--the chunk of memory that's allocated to
a program--and then run other code.
"The flaw affects recent versions of Office applications that support
VBA scripting, including the 2002, 2000 and 97 versions of Access,
Excel, PowerPoint and Word. It can also be used with Project 2002 and
2000, Visio 2002 and 2000 and Works Suite 2002, 2001 and 2000. Several
applications sold under Microsoft's Business Solutions brand also are at
risk, including version 7.5 of the Great Plains accounting software.
. . ."
http://news.com.com/2100-1009_3-5070929.html?tag=cd_mh
Ironically, the safest way to run Microsoft Office (if you have to, but
no one can deny that MS Office is a very feature-rich program) is to run
it in Linux under WINE.
Wayne
More information about the LUAU
mailing list