Microsoft Excel公式解析远程代码执行漏洞

漏洞起因
设计错误
 
影响系统
Microsoft Open XML File Format Converter for Mac
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer SP2
Microsoft Office Excel Viewer SP1
Microsoft Office Excel Viewer 2003 SP3
Microsoft Office Compatibility Pack 2007 SP2
Microsoft Office Compatibility Pack 2007 SP1
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
Microsoft Excel Viewer 2003
Microsoft Excel Viewer 2003 SP3
Microsoft Excel 2007 SP2
Microsoft Excel 2007 SP1
Microsoft Excel 2007 0
Microsoft Excel 2007 0
Microsoft Excel 2003 SP3
Microsoft Excel 2003 SP2
Microsoft Excel 2003 SP1
Microsoft Excel 2003
Microsoft Excel 2002 SP3
Microsoft Excel 2002 SP2
Microsoft Excel 2002 SP1
Microsoft Excel 2002
 
不受影响系统
 
危害
远程攻击者可以利用漏洞以登录用户安全上下文执行任意指令。
 
攻击所需条件
攻击者必须构建恶意Excel,诱使用户打开。
 
漏洞信息
Microsoft Excel是一款微软开发的电子表格处理程序。
Microsoft Office Excel存在一个远程代码执行漏洞,在解析单元格中包含的特殊构建的公式时可导致任意代码执行。
成功利用此漏洞允许完全控制受影响系统,攻击者成功利用此漏洞可以以内核权限安装程序;查看,更改或删除数据等。
 
测试方法
 
厂商解决方案
用户可参考如下微软提供的安全补丁:
Microsoft Office 2008 for Mac 0
Microsoft Microsoft Office 2008 for Mac 12.2.3 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=b84fe57d-ddda -451e-9ead-69e10aee7928
Microsoft Excel 2003 SP3
Microsoft Security Update for Microsoft Office Excel 2003 (KB973475)
http://www.microsoft.com/downloads/details.aspx?familyid=6a6a0f5d-17dc -4a34-b9a0-0774aa287ba5
Microsoft Office Compatibility Pack 2007 SP2
Microsoft Security Update for the 2007 Microsoft Office System (KB973704)
http://www.microsoft.com/downloads/details.aspx?familyid=c4c92d2e-e87d -446f-8d3e-8f4be10c70aa
Microsoft Office Compatibility Pack 2007 SP1
Microsoft Security Update for the 2007 Microsoft Office System (KB973704)
http://www.microsoft.com/downloads/details.aspx?familyid=c4c92d2e-e87d -446f-8d3e-8f4be10c70aa
Microsoft Open XML File Format Converter for Mac 0
Microsoft Open XML File Format Converter for Mac 1.1.3
http://www.microsoft.com/downloads/details.aspx?FamilyID=4dd4bc05-1217 -497e-8f65-4347f2544ed6
Microsoft Office Excel Viewer SP1
Microsoft Security Update for Microsoft Office Excel Viewer (KB973707)
http://www.microsoft.com/downloads/details.aspx?familyid=fb36df5e-ebef -46bf-9edd-67f2c76dbdb3
Microsoft Excel 2002 SP3
Microsoft Security Update for Microsoft Excel 2002 (KB973471)
http://www.microsoft.com/downloads/details.aspx?familyid=5672c8fc-8509 -4962-ad86-ebc0f2575043
Microsoft Excel 2007 SP2
Microsoft Security Update for Microsoft Office Excel 2007 (KB973593)
http://www.microsoft.com/downloads/details.aspx?familyid=322b24ca-aff6 -4ca0-acf1-440cae0f9693
Microsoft Excel 2007 SP1
Microsoft Security Update for Microsoft Office Excel 2007 (KB973593)
http://www.microsoft.com/downloads/details.aspx?familyid=322b24ca-aff6 -4ca0-acf1-440cae0f9693
Microsoft Office 2004 for Mac 0
Microsoft Microsoft Office 2004 for Mac 11.5.6 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=8f115b1c-1e28 -4ecf-937c-99c4b60c7c8e
Microsoft Excel Viewer 2003 SP3
Microsoft Security Update for Microsoft Office Excel Viewer 2003 (KB973484)
http://www.microsoft.com/downloads/details.aspx?familyid=19151e22-5642 -456c-bd39-298574369cdb
Microsoft Office Excel Viewer 2003 SP3
Microsoft Security Update for Microsoft Office Excel Viewer 2003 (KB973484)
http://www.microsoft.com/downloads/details.aspx?familyid=19151e22-5642 -456c-bd39-298574369cdb
Microsoft Office Excel Viewer SP2
Microsoft Security Update for Microsoft Office Excel Viewer (KB973707)
http://www.microsoft.com/downloads/details.aspx?familyid=fb36df5e-ebef -46bf-9edd-67f2c76dbdb3
 
漏洞提供者
Nicolas Joly of VUPEN Security

发表评论?

0 条评论。

发表评论