Microsoft Office Web组件ActiveX控件内存分配代码执行漏洞

发表评论 (0) 查看评论

漏洞起因
设计错误
 
影响系统
Microsoft Office XP Web Components SP3
Microsoft Office XP SP3
Microsoft Office XP SP2
Microsoft Office XP SP1
Microsoft Office XP
Microsoft Office Small Business Accounting 2006
Microsoft Office 2003 Web Components for Office 2007 SP1
Microsoft Office 2003 Web Components SP3
Microsoft Office 2003 SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1
Microsoft Office 2003
Microsoft Internet Security and Acceleration Server 2006 Supportability Up
Microsoft Internet Security and Acceleration Server 2006 SP1
Microsoft Internet Security and Acceleration Server 2006
Microsoft Internet Security and Acceleration Server 2004 Standard Edition SP3
Microsoft Internet Security and Acceleration Server 2004 Enterprise Editio SP3
 
不受影响系统
 
危害
远程攻击者可以利用漏洞以登录用户安全上下文执行任意指令。
 
攻击所需条件
攻击者必须构建恶意WEB页,诱使用户访问。
 
漏洞信息
Microsoft Office是一款微软公司开发的文字处理程序套件。
在装载和卸载Microsoft Office OWC10 ActiveX控件(0002E543-0000-0000-C000-000000000046)时存在缺陷,可导致内存破坏而造成以登录用户安全上下文执行任意指令。
目前没有详细漏洞细节提供。
 
测试方法
 
厂商解决方案
用户可参考如下补丁信息:
Microsoft Office Small Business Accounting 2006 0
Microsoft Security Update for Microsoft Small Business Accounting 2006 Office Web Components (KB968377)
http://www.microsoft.com/downloads/details.aspx?familyid=0d77ddb3-4d34 -4cfe-913b-d05981f59a82
Microsoft Office XP SP3
Microsoft Security Update for Microsoft Office XP Web Components (KB947320)
http://www.microsoft.com/downloads/details.aspx?familyid=60e2e4e7-aa75 -441d-b6fc-7e850bf8e580
Microsoft Office 2003 Web Components SP3
Microsoft Security Update for Microsoft Office Web Components (KB947319)
http://www.microsoft.com/downloads/details.aspx?familyid=95c94c9a-6aca -42fb-9679-3234f06c72f7
Microsoft Office XP Web Components SP3
Microsoft Security Update for Microsoft Office XP Web Components (KB947320)
http://www.microsoft.com/downloads/details.aspx?familyid=60e2e4e7-aa75 -441d-b6fc-7e850bf8e580
Microsoft Office 2003 Web Components for Office 2007 SP1 0
Microsoft Security Update for Microsoft Office 2003 Web Components for the 2007 Microsoft Office System (KB947
http://www.microsoft.com/downloads/details.aspx?familyid=644008e0-77c9 -4a02-ac9b-e30d0930c4be
Microsoft Office 2003 SP3
Microsoft Security Update for Microsoft Office Web Components (KB947319)
http://www.microsoft.com/downloads/details.aspx?familyid=95c94c9a-6aca -42fb-9679-3234f06c72f7
 
漏洞提供者
Peter Vreugdenhil of Zero Day Initiative

发表评论?

0 条评论。

发表评论