Microsoft Excel Viewer SP2
Microsoft Excel Viewer SP1
Microsoft Excel 2007 SP2
Microsoft Excel 2007 SP1
Microsoft Office SharePoint Server 2007 SP2
Microsoft Office SharePoint Server 2007 SP1
Microsoft Excel XLSX File Parsing Remote Code Execution Vulnerability (MS10-017)
SEBUG-ID:19249
SEBUG-Appdir:Office Excel
Published:2010-03-09
Vulnerable:
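Description:
BUGTRAQ ID: 38554
CVE ID: CVE-2010-0263

Excel is the spreadsheet tool in the Microsoft Office suite. An XLSX file is a ZIP archive that holds the related content making up the new Open XML document. When certain XML elements in an XLSX file are decompressed, the ZIP header is not validated, which can lead to execution of uninitialized memory. An attacker who successfully exploits this vulnerability can take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.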
<*References
ZDI (http://www.zerodayinitiative.com/)*>
Links: http://secunia.com/advisories/38805/
http://marc.info/?l=bugtraq&m=126816130828303&w=2
http://www.us-cert.gov/cas/techalerts/TA10-068A.html
http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx?pf=true
Exploit:
The following procedures (methods) may contain something offensive; they are only for security research and teaching. Use at your own risk!
* Use the Microsoft Office File Block policy to prevent opening Office 2007 documents from unknown or untrusted sources.
SEBUG Solution:
Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS10-017) and corresponding patches for this issue:
MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
Link: http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx?pf=true
// sebug.net [2010-03-10]
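
The description above says an XLSX file is a ZIP archive and that the flaw comes from a ZIP header that is not validated. As an added example (not part of the original advisory, and not vendor code), the Python below shows a generic triage check a mail or upload gateway could run on untrusted XLSX files: it compares each member's local file header with its central directory record. It is not a detector for CVE-2010-0263 specifically, since the advisory does not say which header field is involved; `build_sample` and `check_local_headers` are hypothetical names, and the sample archive is constructed.

```python
import io
import struct
import zipfile

def build_sample() -> bytes:
    """Constructed stand-in for an XLSX: a ZIP with two small XML parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>" * 20)
        z.writestr("xl/workbook.xml", "<workbook/>" * 20)
    return buf.getvalue()

def check_local_headers(data: bytes) -> list:
    """Compare each member's local file header with its central directory record."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a readable ZIP archive: {exc}"]
    findings = []
    with archive:
        for info in archive.infolist():
            off = info.header_offset
            hdr = data[off:off + 30]  # fixed part of a local file header
            if len(hdr) < 30 or hdr[:4] != b"PK\x03\x04":
                findings.append(f"{info.orig_filename}: no local header at offset {off}")
                continue
            (_sig, _ver, flags, method, _time, _date, _crc, csize, usize,
             name_len, extra_len) = struct.unpack("<4sHHHHHIIIHH", hdr)
            name = data[off + 30:off + 30 + name_len]
            codec = "utf-8" if flags & 0x800 else "cp437"
            if name.decode(codec, "replace") != info.orig_filename:
                findings.append(f"{info.orig_filename}: local name differs")
            if method != info.compress_type:
                findings.append(f"{info.orig_filename}: method {method} != {info.compress_type}")
            # Sizes are deferred when a data descriptor (bit 3) or ZIP64 is used.
            deferred = flags & 0x08 or 0xFFFFFFFF in (csize, usize)
            if not deferred and (csize, usize) != (info.compress_size, info.file_size):
                findings.append(f"{info.orig_filename}: sizes differ")
            end = off + 30 + name_len + extra_len + info.compress_size
            if end > len(data):
                findings.append(f"{info.orig_filename}: data runs past end of file")
    return findings

if __name__ == "__main__":
    for line in check_local_headers(build_sample()) or ["headers consistent"]:
        print(line)
```

A file that produces any finding can be quarantined or rejected before it reaches Excel; a clean result only means the headers agree with each other, not that the document is safe.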