Bugs and Fixes: Problems All Around With Microsoft Software

By Stuart J. Johnston, PCW Print Oct 29, 2003 1:00 AM

Illustration: Tomer HanukaMonth after month, I report on the latest problems with Internet Explorer and Windows. You might think that these are the only pieces of software at risk, and they are often under constant scrutiny (see "In Brief"). But don't assume that you're covered after plugging holes in the usual suspects. This month, Microsoft Office is vulnerable--along with a host of other programs--due to three newly discovered holes.

The first flaw affects any program that uses Visual Basic for Applications--a programming language common to all Office apps, as well as Publisher, Visio, and others.

Microsoft didn't make VBA bulletproof. It has an "unchecked buffer" that, if exploited by malicious code, could let an attacker take over your PC. Buffer checkers are like the safety cutoff valves in self-serve gasoline pumps. When your tank--or in this case, a buffer meant to hold data until it's needed--is full, the pump automatically shuts off. But the VBA buffer lacks a shutoff valve. In theory, a miscreant may send you a malformed PowerPoint file, say, containing an attack macro capable of sending too much data to the buffer. If you load the file, the macro begins to execute. As the data overflows, the cracker's code moves to take over. See this Microsoft bulletin for a list of affected programs and a link to the fix.

The other two flaws affect Word (versions 97 through 2002) and Works Suite (versions 2001 through 2003). One of them involves macros. If you open a Word file containing a nasty macro, it can execute automatically and cause a lot of damage. Jump to Microsoft's site to get the patch.

The final vulnerability affects Corel WordPerfect word processor documents. If you need to be able to read WordPerfect files within Microsoft Word, you probably use Microsoft's file converter. But the converter has a hole consisting of another unchecked buffer that a miscreant could misuse by sending you an infected WordPerfect file. Again, at Microsoft's site you can download the patch and read details about other susceptible programs.

Page 1 of 3
Next »

Would you recommend this story? YES NO

Subscribe to the Daily Downloads Newsletter - every weekday

See All Newsletters »

Similar Articles:

Lenovo Laptop Deals

IdeaPad U300s If there's a laptop that deserves the moniker "Ultrabook" it's the Lenovo IdeaPad U300s.
Buy now direct from Lenovo
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo
ThinkPad T420 Just about every IT person we know swears by the T series--for their clients and themselves.
Buy now direct from Lenovo

Bugs and Fixes

Best Prices on Antivirus Software

Norton Antivirus 2012 (Full Product, 3 PCs) $21.00 and up See All Prices
Endpoint Protection v.12.0 Small Business Edition (Full Product, 10 Users) $119.58 and up See All Prices
Total Protection 2012 (Full Product, 3 Users) $21.99 and up See All Prices
Antivirus 2012 (Full Product, 1 User) $16.78 and up See All Prices

See all Best Prices on Antivirus Software »

All PCWorld Blogs

Awesome Google Doodle Celebrates Birthday of Robert Moog with Playable Synthesizer Google honors the 78th birthday of Robert Moog, the father of the modern electronic synthesizer, with what quite possibly is its most elaborate doodle yet -- a working Moog synthesizer.
Swift Kick: Diamond Trust of London The week's biggest gaming Kickstarter campaign is a Nintendo DS game about...the diamond trade?
If You Missed the Eclipse, This Video Is the Next Best Thing Check out this gorgeous time-lapse video of last weekend's annular eclipse.
Ballmer: Windows 8 Will Bring 'Rebirth' of Microsoft OS Microsoft CEO Steve Ballmer thinks that Windows 8 is the most important piece of work the Redmond-based company has ever done.

Subscribe to the Daily Downloads Newsletter - every weekday

See All Newsletters »

12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.

Today's Special Offers

Editors' Picks

Name	City

Address 1	State	Zip

Address 2	E-mail (optional)