MS03-035: Word Macros may run automatically (827653)
High Nessus Plugin ID 11831
SynopsisArbitrary code can be executed on the remote host through VBA.
DescriptionThe remote host is running a version of Microsoft Word that contains a flaw in its handling of macro command execution. An attacker could use this to execute arbitrary code on this host.
To succeed, the attacker would have to send a rogue Word file to a user of this computer and have him open it. Then the macros contained in the Word file would bypass the security model of Word and be executed.
SolutionMicrosoft has released a set of patches for Office.