TechnologyAccounting SoftwareGreat Plains users at risk from security flaw

Great Plains users at risk from security flaw

Users of Microsoft accounting packages, such as Great Plains and eEnterprise are amongst those vulnerable to hackers taking control of their PCs, after Microsoft warned customers of a new 'critical' security flaw in its software.

Link: Top companies blasted by worm virus

The company said the buffer overflow issue in the Visual Basic for Applications technology included in versions of Office creates a backdoor that could allow hackers to compromise a Windows system, read files and run programs on it.

‘A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host application. A buffer overrun exists which if exploited successfully could allow an attacker to execute code of their choice in the context of the logged on user,’ stated Microsoft.

In order for an attack to be successful, a user would have to open a specially crafted document sent to them by an attacker: ‘This document could be any type of document that supports VBA, such as a Word document, Excel spreadsheet, PowerPoint presentation,’ said the company.

Where Microsoft Word is being used as the HTML email editor for Outlook, a document could be an email, but the user would have to reply to, or forward the mail message for the vulnerability to be exploited.

VBA is used for developing client desktop packaged applications and integrating them with existing data and systems.

Based on the Microsoft Visual Basic development system, it is used in Microsoft Office products, which make use of VBA to perform core functions.

VBA can also be used to build customised applications based around an existing host application.

Microsoft issued the following patch which can be found form this link: http://www.microsoft.com/security/security_bulletins/ms03-037.asp

Microsoft products affected by the bug include:

  • Visual Basic for Applications SDK 5.0, 6.0, 6.2, and 6.3
  • Office 97, 2000, and XP
  • Word 98 (J)
  • Visio 2000 and 2002
  • Project 2000 and 2002
  • Publisher 2002
  • Works Suite 2001, 2002, and 2003
  • Business Solutions Great Plains 7.5
  • Business Solutions Dynamics 6.0 and 7.0
  • Business Solutions eEnterprise 6.0 and 7.0
  • Business Solutions Solomon 4.5, 5.0, and 5.5

Related Articles

Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

3w Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

5m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

5m Alia Shoaib, Reporter
UK behind foreign markets in digital accounting, but gap is narrowing

Accounting Software UK behind foreign markets in digital accounting, but gap is narrowing

7m Alia Shoaib, Reporter
The rise of the progressive accountant

Accounting Software The rise of the progressive accountant

8m Emma Smith, Managing Editor
Making Tax Digital: Revolution or revolt?

Accounting Software Making Tax Digital: Revolution or revolt?

8m Emma Smith, Managing Editor
Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

Accounting Software Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

8m Emma Smith, Managing Editor
Four reasons why SME owners should switch to cloud accounting

Accounting Software Four reasons why SME owners should switch to cloud accounting

9m Emma Smith, Managing Editor