RNP > Serviços > Segurança em redes > Alertas do CAIS

Microsoft Security Bulletin MS03-037

Vulnerabilidade no Microsoft Visual Basic for Applications (822715)

[Microsoft, 03.09.2003, revisão 01]

O CAIS está repassando o alerta da Microsoft, Microsoft Security Bulletin MS03-037: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715), que trata de uma vulnerabilidade no Microsoft Visual Basic for Applications (VBA), software amplamente utilizado por produtos da Microsoft.

Sistemas afetados:

Microsoft Visual Basic for Applications SDK 5.0
Microsoft Visual Basic for Applications SDK 6.0
Microsoft Visual Basic for Applications SDK 6.2
Microsoft Visual Basic for Applications SDK 6.3

Produtos que incluem o software afetado pela vulnerabilidade em questão:

Microsoft Access 97
Microsoft Access 2000
Microsoft Access 2002
Microsoft Excel 97
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft PowerPoint 97
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft Project 2000
Microsoft Project 2002
Microsoft Publisher 2002
Microsoft Visio 2000
Microsoft Visio 2002
Microsoft Word 97
Microsoft Word 98(J)
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Business Solutions Great Plains 7.5
Microsoft Business Solutions Dynamics 6.0
Microsoft Business Solutions Dynamics 7.0
Microsoft Business Solutions eEnterprise 6.0
Microsoft Business Solutions eEnterprise 7.0
Microsoft Business Solutions Solomon 4.5
Microsoft Business Solutions Solomon 5.0
Microsoft Business Solutions Solomon 5.5

Correções disponíveis:

A correção consiste na aplicação dos patches recomendados pela Microsoft e disponíveis em:

Microsoft Office 2000:
http://microsoft.com/downloads/details.aspx?FamilyId

Administrative update only:
http://www.microsoft.com/office/ork/xp/journ/o2k0901a.htm

Microsoft Office XP (including Publisher 2002):
http://microsoft.com/downloads/details.aspx?FamilyId

Administrative update only:
http://www.microsoft.com/office/ork/xp/journ/oxp1001a.htm

Microsoft Project 2000:
http://microsoft.com/downloads/details.aspx?FamilyId

Microsoft Project 2002:
http://microsoft.com/downloads/details.aspx?FamilyId

Microsoft Visio 2002:
http://microsoft.com/downloads/details.aspx?FamilyId

Microsoft VBA Patch:
http://microsoft.com/downloads/details.aspx?FamilyId

A correção do Microsoft VBA pode ser instalada nos seguintes produtos:

Microsoft VBA 5.0
Microsoft VBA 6.0
Microsoft VBA 6.2
Microsoft VBA 6.3.
Microsoft Access 97
Microsoft Excel 97
Microsoft PowerPoint 97
Microsoft Word 97
Microsoft Word 98(J)
Microsoft Visio 2000
Microsoft Works Suite 2001
Microsoft Business Solutions Great Plains 7.5
Microsoft Business Solutions Dynamics 6.0
Microsoft Business Solutions Dynamics 7.0
Microsoft Business Solutions eEnterprise 6.0
Microsoft Business Solutions eEnterprise 7.0
Microsoft Business Solutions Solomon 4.5
Microsoft Business Solutions Solomon 5.0
Microsoft Business Solutions Solomon 5.5

É recomendado que os usuários do Microsoft Office consultem o Office Update, um serviço análogo ao conhecido Windows Update e disponivel em:

http://www.office.microsoft.com/ProductUpdates/default.aspx

Maiores informações:

http://www.microsoft.com/technet/security/bulletin/ms03-037.asp

Identificador do CVE:

CAN-2003-0347 (http://cve.mitre.org)

O CAIS recomenda fortemente aos administradores de plataformas Microsoft que mantenham seus sistemas e aplicativos sempre atualizados.

Contato com o Cais:

+55 (19) 3787-3300
+55 (19) 3787-3301

cais@cais.rnp.br

Chave PGP pública do Cais