Microsoft Patches Five Security Flaws

Microsoft on Wednesday let loose a slew of security bulletins, the worst of the bunch affecting Office users. Of the five flaws, only one was deemed "critical." It allows a buffer overflow in the Visual Basic for Applications Software Development Kit, leaving 29 products vulnerable including the software giant's aligned productivity solution Microsoft Works.

Two other flaws are labeled "important." The first deals with Microsoft's WordPerfect document converter built into all supported versions of FrontPage, Office, Publisher and Works, while the second allows a Macro to run automatically without user intervention.

Office 2003 is not at risk from any of the vulnerabilities.

A less severe "moderate" bulletin warns of a potential buffer overflow in the Access Snapshot Viewer.

Finally, a "low" risk assessment is placed on a NETBIOS issue that could allow a malicious user to view data on a target machine. Every NT based version of Windows from 4.0 to Windows Server 2003 is affected. However, both Windows XP and Windows Server 2003 are shielded by the Internet Connection Firewall found in each operating system.