[SECURITY-L] CAIS-Alerta: Vulnerability in Microsoft Visual Basic for Applications (MS06-047)

CSIRT - UNICAMP security at unicamp.br
Wed Aug 9 10:52:50 -03 2006


--------------------------- Original Message -----------------------------
Subject: CAIS-Alerta: Vulnerability in Microsoft Visual Basic for
Applications (MS06-047)
From:    "Centro de Atendimento a Incidentes de Seguranca" <cais at cais.rnp.br>
Date:    Tue, August 8, 2006 5:15 pm
To:      rnp-alerta at cais.rnp.br
         rnp-seg at cais.rnp.br
--------------------------------------------------------------------------


Dear all,

CAIS is forwarding the Microsoft alert entitled "MS06-047 -
Vulnerability in Microsoft Visual Basic for Applications Could Allow
Remote Code Execution (921645)", which addresses a vulnerability in
Microsoft Visual Basic for Applications that can allow remote code
execution on the affected system.

Microsoft Visual Basic for Applications (VBA) is an application
development technology that allows integration between different
systems and data. A vulnerability in the way VBA handles the document
information passed to it by the application can allow malicious code
to be executed on the affected system.

To exploit this vulnerability, an attacker needs to induce a user to
open a specially crafted document that uses VBA features. Examples of
documents that can be used to exploit the vulnerability are Word, Excel
and PowerPoint documents and HTML e-mails, among others.


Affected systems:

. Microsoft Office 2000 Service Pack 3
. Microsoft Project 2000 Service Release 1
. Microsoft Access 2000 Runtime Service Pack 3
. Microsoft Office XP Service Pack 3
. Microsoft Project 2002 Service Pack 1
. Microsoft Visio 2002 Service Pack 2
. Microsoft Works Suite 2004
. Microsoft Works Suite 2005
. Microsoft Works Suite 2006
. Microsoft Visual Basic for Applications SDK 6.0
. Microsoft Visual Basic for Applications SDK 6.2
. Microsoft Visual Basic for Applications SDK 6.3
. Microsoft Visual Basic for Applications SDK 6.4


Available fixes:

We recommend updating to the versions available at:

. Microsoft Office 2000 Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=837A4FA9-FABC-4119-9AAF-2C8663029D2B

. Microsoft Project 2000 Service Release 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=744DD25D-B9A7-4E30-B64E-1C9BB0F87D90

. Microsoft Access 2000 Runtime Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=ED5A8C40-C592-4299-AFB2-5F0F6E2B1DCD

. Microsoft Office XP Service Pack 3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

. Microsoft Project 2002 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?FamilyId=62EF50AA-6061-4185-9713-F8C31B195103

. Microsoft Visio 2002 Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=43525B6A-58B7-49C7-88D8-4983D1614A96

. Microsoft Works Suite 2004
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

. Microsoft Works Suite 2005
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

. Microsoft Works Suite 2006
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C

. Microsoft Visual Basic for Applications SDK 6.0
  http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3

. Microsoft Visual Basic for Applications SDK 6.2
  http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3

. Microsoft Visual Basic for Applications SDK 6.3
  http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3

. Microsoft Visual Basic for Applications SDK 6.4
  http://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3


More information:

. MS06-047 - Vulnerability in Microsoft Visual Basic for Applications
Could Allow Remote Code Execution (921645)
  http://www.microsoft.com/technet/security/bulletin/ms06-047.mspx

. Microsoft Brasil Security
  http://www.microsoft.com/brasil/security

. Technet Brasil - Central de Seguranca
  http://www.technetbrasil.com.br/seguranca


CVE identifier (http://cve.mitre.org): CVE-2006-3649


CAIS recommends that administrators keep their systems and
applications up to date, in line with the latest versions and
fixes provided by vendors.

CAIS Alerts are also available in RSS/RDF format:
http://www.rnp.br/cais/alertas/rss.xml


Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS)     #
#       Rede Nacional de Ensino e Pesquisa (RNP)               #
#                                                              #
# cais at cais.rnp.br    http://www.cais.rnp.br                #
# Tel. 019-37873300      Fax. 019-37873301                     #
# PGP key available      http://www.rnp.br/cais/cais-pgp.key   #
################################################################


----- End forwarded message -----


