TechnologyAccounting SoftwareGreat Plains users at risk from security flaw

Great Plains users at risk from security flaw

Users of Microsoft accounting packages, such as Great Plains and eEnterprise are amongst those vulnerable to hackers taking control of their PCs, after Microsoft warned customers of a new 'critical' security flaw in its software.

Link: Top companies blasted by worm virus

The company said the buffer overflow issue in the Visual Basic for Applications technology included in versions of Office creates a backdoor that could allow hackers to compromise a Windows system, read files and run programs on it.

‘A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host application. A buffer overrun exists which if exploited successfully could allow an attacker to execute code of their choice in the context of the logged on user,’ stated Microsoft.

In order for an attack to be successful, a user would have to open a specially crafted document sent to them by an attacker: ‘This document could be any type of document that supports VBA, such as a Word document, Excel spreadsheet, PowerPoint presentation,’ said the company.

Where Microsoft Word is being used as the HTML email editor for Outlook, a document could be an email, but the user would have to reply to, or forward the mail message for the vulnerability to be exploited.

VBA is used for developing client desktop packaged applications and integrating them with existing data and systems.

Based on the Microsoft Visual Basic development system, it is used in Microsoft Office products, which make use of VBA to perform core functions.

VBA can also be used to build customised applications based around an existing host application.

Microsoft issued the following patch which can be found form this link: http://www.microsoft.com/security/security_bulletins/ms03-037.asp

Microsoft products affected by the bug include:

  • Visual Basic for Applications SDK 5.0, 6.0, 6.2, and 6.3
  • Office 97, 2000, and XP
  • Word 98 (J)
  • Visio 2000 and 2002
  • Project 2000 and 2002
  • Publisher 2002
  • Works Suite 2001, 2002, and 2003
  • Business Solutions Great Plains 7.5
  • Business Solutions Dynamics 6.0 and 7.0
  • Business Solutions eEnterprise 6.0 and 7.0
  • Business Solutions Solomon 4.5, 5.0, and 5.5

Related Articles

5 key tech innovations helping accountants transform their businesses

Accounting Software 5 key tech innovations helping accountants transform their businesses

3w Heather Darnell, Founder of Ask the BOSS
Finance and the tech foundation: what’s needed to deliver impactful business insights?

Accounting Software Finance and the tech foundation: what’s needed to deliver impactful business insights?

3m Workday | Sponsored
Best accounting software for businesses in the UK

Accounting Software Best accounting software for businesses in the UK

3m Accountancy Age, Reporters
Making sense of enterprise tech concepts for finance teams

Accounting Software Making sense of enterprise tech concepts for finance teams

4m Workday | Sponsored
Open Banking: what you need to know

Accounting Software Open Banking: what you need to know

4m Edward Berks, Xero
Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

6m Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

10m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

10m Alia Shoaib, Reporter