Visual Basic for Applications unsafe full Library Loading Vulnerability (MS12-046)

Release date:
Updated on:

Affected Systems:
Microsoft Office 2010 (64-bit edition) SP1
Microsoft Office 2010 (64-bit edition) 0
Microsoft Office 2010 (32-bit edition) 0
Microsoft Office (32-bit edition) SP1
Microsoft Office 2003 SP3
Microsoft Office
Microsoft Visual Basic for Applications
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54303
Cve id: CVE-2012-1854

Visual Basic for Applications (VBA) is a macro language of Visual Basic. It can be used to expand the functions of Windows Applications, especially Microsoft Office software. It can also be said to be a Visual Basic Script for applications. In Excel 1994 released in 5.0, the macro function of VBA is available.

Microsoft Visual Basic for Applications has the remote code execution vulnerability when processing DLL file loading. After successful exploitation, the affected system can be fully controlled.

<* Source: Microsoft

Link: http://secunia.com/advisories/49800/
Http://www.microsoft.com/technet/security/bulletin/MS12-046.asp
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* It is prohibited to load libraries from WebDAV and remote network sharing.

* Disable the WebClient Service.

* Disable TCP ports 139 and 445 on the firewall.

Vendor patch:

Microsoft
---------
Microsoft has released a Security Bulletin (MS12-046) and patches for this:

MS12-046: Vulnerability in Visual Basic for Applications cocould Allow Remote Code Execution (2707960)

Link: http://www.microsoft.com/technet/security/bulletin/MS12-046.asp