Vulnerability Identifier: CVE-2006-3649
Discovery Date: Aug 8, 2006
Risk: Critical
Vulnerability Assessment Pattern File: 050
Affected Software:
  • Microsoft Access 2000 Runtime Service Pack 3
  • Microsoft Office 2000 Service Pack 3
  • Microsoft Project 2000 Service Release 1
  • Microsoft Project 2002 Service Pack 1
  • Microsoft Visio 2002 Service Pack 2
  • Microsoft Visual Basic for Applications SDK 6.0
  • Microsoft Visual Basic for Applications SDK 6.2
  • Microsoft Visual Basic for Applications SDK 6.3
  • Microsoft Visual Basic for Applications SDK 6.4
  • Microsoft Works Suite 2004
  • Microsoft Works Suite 2005
  • Microsoft Works Suite 2006

Microsoft VBA is a development technology for building client desktop packaged applications, which are then integrated into existing data and systems. Microsoft VBA is based on the Microsoft Visual Basic development system. Microsoft Office products include VBA and use it to perform certain functions. VBA can also be used to build customized applications based on an existing host application.

A remote code execution vulnerability exists in the way Visual Basic for Applications (VBA) checks the document properties that a host application passes to it when opening a document. As a result, it is possible for the host application to pass unchecked parameters to VBA, causing a buffer underrun that could allow arbitrary code to be executed. An attacker who successfully exploits this vulnerability can take complete control of the affected system.

To exploit this vulnerability, the attacker must convince the target user to open a specially crafted document. The document can be a Word document, an Excel spreadsheet or a PowerPoint presentation. If the user uses MS Word as the HTML email editor for MS Outlook, the specially crafted document can also be an email message, but the message must be forwarded or replied to before the vulnerability can be exploited.

Patch Information:

Workaround Fixes:

The workaround for this vulnerability can be found at: