Vulnerability problems found by Trend Micro - Free online virus Sc



Eugene London
07-09-2005, 11:35 PM
I did an on line virus scan with Trend Micro and it came up with the
following information.............. "(MS00-034) Office 2000 UA Control
Vulnerability
Vulnerability Identifier: CVE-2000-0419
Risk: Critical
Discovery Date: May 12, 2000
Vulnerability Assessment Pattern File: 008
Related Malware: VBS_DAVINIA.A

Affected Software
· Word 2000
· Excel 2000
· Powerpoint 2000
· Access 2000
· Photodraw 2000
· FrontPage 2000
· Project 2000
· Publisher 2000
· Outlook 2000
· Works 2000 Suite
Description
This vulnerability allows a remote attacker to conduct unauthorized
activities via the Show Me function in Office Help, since Office 2000 UA
ActiveX Control is marked as safe for scripting.
(MS01-028) RTF Document Linked to Template Can Run Macros Without Warning
Vulnerability Identifier: CVE-2001-0240
Risk: Critical
Discovery Date: May 21, 2001
Vulnerability Assessment Pattern File: 008
Related Malware: W97M_GOGA.A

Affected Software
· Microsoft Word 97
· Microsoft Word 2000
· Microsoft Word 98 (J)
· Microsoft Word 98 for the Mac
· Microsoft Word 2001 for the Mac
Description
This vulnerability allows attackers to execute macros without user warning.
It is done by linking a Rich Text Format document to a template that contains
an embedded macro"

Could you please advise me as to where I could obtain down loads to protect
me against these problems,

thank you,

Eugene

Carey Frisch [MVP]
07-09-2005, 11:35 PM
Visit the Microsoft Office Update web site:
http://office.microsoft.com/en-us/officeupdate/default.aspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

"Eugene London" wrote:

| I did an on line virus scan with Trend Micro and it came up with the
| following information.............. "(MS00-034) Office 2000 UA Control
| Vulnerability
| Vulnerability Identifier: CVE-2000-0419
| Risk: Critical
| Discovery Date: May 12, 2000
| Vulnerability Assessment Pattern File: 008
| Related Malware: VBS_DAVINIA.A
|
| Affected Software
| · Word 2000
| · Excel 2000
| · Powerpoint 2000
| · Access 2000
| · Photodraw 2000
| · FrontPage 2000
| · Project 2000
| · Publisher 2000
| · Outlook 2000
| · Works 2000 Suite
| Description
| This vulnerability allows a remote attacker to conduct unauthorized
| activities via the Show Me function in Office Help, since Office 2000 UA
| ActiveX Control is marked as safe for scripting.
| (MS01-028) RTF Document Linked to Template Can Run Macros Without Warning
| Vulnerability Identifier: CVE-2001-0240
| Risk: Critical
| Discovery Date: May 21, 2001
| Vulnerability Assessment Pattern File: 008
| Related Malware: W97M_GOGA.A
|
| Affected Software
| · Microsoft Word 97
| · Microsoft Word 2000
| · Microsoft Word 98 (J)
| · Microsoft Word 98 for the Mac
| · Microsoft Word 2001 for the Mac
| Description
| This vulnerability allows attackers to execute macros without user warning.
| It is done by linking a Rich Text Format document to a template that contains
| an embedded macro"
|
| Could you please advise me as to where I could obtain down loads to protect
| me against these problems,
|
| thank you,
|
| Eugene

Nate Goulet
07-09-2005, 11:36 PM
Does that mean machines running Office 97 that have all of the Windows
security updates still have Vulnerability if they haven't also
installed the office updates?

On Fri, 13 May 2005 15:16:25 -0500, "Carey Frisch [MVP]"
<cnfrisch@nospamgmail.com> wrote:

>Visit the Microsoft Office Update web site:
>http://office.microsoft.com/en-us/officeupdate/default.aspx
>
>--
>Carey Frisch
>Microsoft MVP
>Windows XP - Shell/User
>Microsoft Newsgroups
>
>Get Windows XP Service Pack 2 with Advanced Security Technologies:
>http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx
>
>-------------------------------------------------------------------------------------------
>
>"Eugene London" wrote:
>
>| I did an on line virus scan with Trend Micro and it came up with the
>| following information.............. "(MS00-034) Office 2000 UA Control
>| Vulnerability
>| Vulnerability Identifier: CVE-2000-0419
>| Risk: Critical
>| Discovery Date: May 12, 2000
>| Vulnerability Assessment Pattern File: 008
>| Related Malware: VBS_DAVINIA.A
>|
>| Affected Software
>| · Word 2000
>| · Excel 2000
>| · Powerpoint 2000
>| · Access 2000
>| · Photodraw 2000
>| · FrontPage 2000
>| · Project 2000
>| · Publisher 2000
>| · Outlook 2000
>| · Works 2000 Suite
>| Description
>| This vulnerability allows a remote attacker to conduct unauthorized
>| activities via the Show Me function in Office Help, since Office 2000 UA
>| ActiveX Control is marked as safe for scripting.
>| (MS01-028) RTF Document Linked to Template Can Run Macros Without Warning
>| Vulnerability Identifier: CVE-2001-0240
>| Risk: Critical
>| Discovery Date: May 21, 2001
>| Vulnerability Assessment Pattern File: 008
>| Related Malware: W97M_GOGA.A
>|
>| Affected Software
>| · Microsoft Word 97
>| · Microsoft Word 2000
>| · Microsoft Word 98 (J)
>| · Microsoft Word 98 for the Mac
>| · Microsoft Word 2001 for the Mac
>| Description
>| This vulnerability allows attackers to execute macros without user warning.
>| It is done by linking a Rich Text Format document to a template that contains
>| an embedded macro"
>|
>| Could you please advise me as to where I could obtain down loads to protect
>| me against these problems,
>|
>| thank you,
>|
>| Eugene
>


Vulnerability problems found by Trend Micro - Free online virus Sc