|Check Point Reference:||CPAI-2012-263|
|Date Published:||10 Jul 2012|
|Protection Provided by:||
|Who is Vulnerable?|| Microsoft Office 2003 Service Pack 3 |
Microsoft Office 2007 Service Pack 2
Microsoft Office 2007 Service Pack 3
Microsoft Visual Basic for Applications
Microsoft Visual Basic for Applications SDK
|Vulnerability Description||A remote code execution vulnerability has been reported in Microsoft Visual Basic for Applications (VBA).|
|Update/Patch Avaliable||Apply patches from: MS12-046|
|Vulnerability Details||The vulnerability is due to an error in the way Microsoft VBA restricts the path used for loading external libraries. A remote attacker could exploit this issue by enticing a user to open a legitimate Microsoft Office-related file (such as a .docx file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Successful exploitation will allow an attacker to execute arbitrary code on an affected system, in the security context of the logged on user.|
This protection will detect and block the transferring of malicious DLL files over a network share.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
- In the IPS tab, click Protections and find the Microsoft Visual Basic for Applications Insecure Library Loading (MS12-046) protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Visual Basic for Applications Insecure Library Loading (MS12-046)