Microsoft Visual Basic for Applications Document Check Buffer Overflow Vulnerability

A vulnerability has been discovered in Microsoft Visual Basic for Applications. It is caused by insufficient bounds checking when the properties of malicious documents are examined. As a result, a malformed document may be able to trigger a buffer overflow within the affected application, effectively allowing for the execution of arbitrary code.

Microsoft Office, Access, Visio, Word, and Works are also reportedly attack vectors, since they employ VBA when handling certain document types. Email is another potential attack vector for this vulnerability, but merely opening an email would not trigger the issue; replying to or forwarding the message could potentially trigger it.

Microsoft has reported that this issue is being exploited in the wild.


 

Copyright 2010, SecurityFocus