Microsoft Office Web组件ActiveX控件msDataSourceObject()堆破坏远程代码执行漏洞

漏洞起因
设计错误

影响系统
Microsoft Office XP Web Components SP3
Microsoft Office XP SP3
Microsoft Office XP SP2
Microsoft Office XP SP1
Microsoft Office XP
Microsoft Office Small Business Accounting 2006
Microsoft Office 2003 Web Components for Office 2007 SP1
Microsoft Office 2003 Web Components SP3
Microsoft Office 2003 SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2003
Microsoft Internet Security and Acceleration Server 2006 Supportability Up
Microsoft Internet Security and Acceleration Server 2006 SP1
Microsoft Internet Security and Acceleration Server 2006
Microsoft Internet Security and Acceleration Server 2004 Standard Edition SP3
Microsoft Internet Security and Acceleration Server 2004 Enterprise Editio SP3

不受影响系统

危害
远程攻击者可以利用漏洞以登录用户安全上下文执行任意指令。

攻击所需条件
攻击者必须构建恶意WEB页，诱使用户访问。

漏洞信息
Microsoft Office是一款微软公司开发的文字处理程序套件。
Microsoft Office安装的web ActiveX控件包含的msDataSourceObject()函数处理恶意参数时存在缺陷，存在内存破坏问题而造成以登录用户安全上下文执行任意指令。
目前没有详细漏洞细节提供。

测试方法

厂商解决方案
用户可参考如下补丁信息：
Microsoft Office XP SP3
Microsoft Security Update for Microsoft Office XP Web Components (KB947320)
http://www.microsoft.com/downloads/details.aspx?familyid=60e2e4e7-aa75 -441d-b6fc-7e850bf8e580
Microsoft Office 2003 Web Components SP3
Microsoft Security Update for Microsoft Office Web Components (KB947319)
http://www.microsoft.com/downloads/details.aspx?familyid=95c94c9a-6aca -42fb-9679-3234f06c72f7
Microsoft Office XP Web Components SP3
Microsoft Security Update for Microsoft Office XP Web Components (KB947320)
http://www.microsoft.com/downloads/details.aspx?familyid=60e2e4e7-aa75 -441d-b6fc-7e850bf8e580
Microsoft Office 2003 Web Components for Office 2007 SP1 0
Microsoft Security Update for Microsoft Office 2003 Web Components for the 2007 Microsoft Office System (KB947
http://www.microsoft.com/downloads/details.aspx?familyid=644008e0-77c9 -4a02-ac9b-e30d0930c4be
Microsoft Office 2003 SP3
Microsoft Security Update for Microsoft Office Web Components (KB947319)
http://www.microsoft.com/downloads/details.aspx?familyid=95c94c9a-6aca -42fb-9679-3234f06c72f7
Microsoft Office Small Business Accounting 2006 0
Microsoft Security Update for Microsoft Small Business Accounting 2006 Office Web Components (KB968377)
http://www.microsoft.com/downloads/details.aspx?familyid=0d77ddb3-4d34 -4cfe-913b-d05981f59a82
Microsoft Microsoft Office Small Business Accounting 2006 0
Microsoft Security Update for Microsoft Small Business Accounting 2006 Office Web Components (KB968377)
http://www.microsoft.com/downloads/details.aspx?familyid=0d77ddb3-4d34 -4cfe-913b-d05981f59a82

漏洞提供者
Peter Vreugdenhil of Zero Day Initiative

← Microsoft Office Web组件ActiveX控件缓冲区溢出代码执行漏洞

Microsoft Office Web组件ActiveX控件’BorderAround()’堆破坏远程代码执行漏洞 →

ZeroBox Vulnerability Database

坚持！我们将做的更好！

Microsoft Office Web组件ActiveX控件msDataSourceObject()堆破坏远程代码执行漏洞

0 条评论。

发表评论