CVE-2002-0619

Vulnerability

The Mail Merge Tool in Microsoft Word 2002 for Windows (part of Office XP) contains a vulnerability that allows remote attackers to execute Visual Basic for Applications (VBA) scripts within a mail merge document saved in HTML format. This issue is a variant of the vulnerability addressed in MS00-071 (CVE-2000-0788). The vulnerable code path is reachable only when Microsoft Access is installed on the system. Affected versions include Microsoft Word 2002 for Windows and Microsoft Office XP for Windows [1].

Exploitation

An attacker can craft a malicious mail merge document in HTML format containing embedded VBA scripts. The attacker must then convince the user to open the document, typically via email or a web download. No authentication or special network position is required; the user only needs to have Microsoft Access present on their system. When the user opens the document, the VBA script executes automatically without further user interaction [1].

Impact

Successful exploitation allows the attacker to run arbitrary VBA code in the context of the logged-on user. This can lead to full compromise of the affected system, including data theft, installation of malware, or further propagation within the network. The attacker gains the same privileges as the user [1].

Mitigation

Microsoft released a cumulative patch (MS02-031, Q324458) on June 19, 2002, which addresses this vulnerability along with other macro execution issues. Users should apply the patch to affected versions of Microsoft Word 2002 and Office XP. No workarounds are documented. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].