Microsoft Security Bulletin MS03-037
Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715)
Originally posted: September 03, 2003
Updated: November 24, 2003
Who should read this bulletin:
Customers using Microsoft ® Office applications or applications that use Microsoft Visual Basic® for Applications.
Impact of vulnerability:
Allow attacker to execute arbitrary code.
Maximum Severity Rating:
Customers using Microsoft ® Office applications or Microsoft Visual Basic for Applications should apply the patch at the earliest available opportunity.
End User Bulletin:
An end user version of this bulletin is available at:
- Microsoft Visual Basic for Applications SDK 5.0
- Microsoft Visual Basic for Applications SDK 6.0
- Microsoft Visual Basic for Applications SDK 6.2
- Microsoft Visual Basic for Applications SDK 6.3
Products which Include the Affected Software:
- Microsoft Access 97
- Microsoft Access 2000
- Microsoft Access 2002
- Microsoft Excel 97
- Microsoft Excel 2000
- Microsoft Excel 2002
- Microsoft PowerPoint 97
- Microsoft PowerPoint 2000
- Microsoft PowerPoint 2002
- Microsoft Project 2000
- Microsoft Project 2002
- Microsoft Publisher 2002
- Microsoft Visio 2000
- Microsoft Visio 2002
- Microsoft Word 97
- Microsoft Word 98(J)
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003
- Microsoft Works Suite 2004
- Microsoft Business Solutions Great Plains 7.5
- Microsoft Business Solutions Dynamics 6.0
- Microsoft Business Solutions Dynamics 7.0
- Microsoft Business Solutions eEnterprise 6.0
- Microsoft Business Solutions eEnterprise 7.0
- Microsoft Business Solutions Solomon 4.5
- Microsoft Business Solutions Solomon 5.0
- Microsoft Business Solutions Solomon 5.5
- Microsoft Knowledge Base article 822715 discusses this issue. Knowledge Base articles can be found on the Microsoft Online Support web site.
- Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.
Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (September 03, 2003): Bulletin Created.
- V1.1 (November 24, 2003): Added Microsoft Works Suite 2004 to affected products.