From: SecuriTeam [mailto:[EMAIL PROTECTED]]
Sent: May 14, 2008 3:01
To: [EMAIL PROTECTED]
Subject: [NT] Vulnerabilities in Microsoft Word Allows Code Execution (MS08-026)

 

The following security advisory is sent to the securiteam mailing list, and
can be found at the SecuriTeam web site: http://www.securiteam.com 



Vulnerabilities in Microsoft Word Allows Code Execution (MS08-026) 


This security update resolves several privately reported vulnerabilities in
Microsoft Word that could allow remote code execution if a user opens a
specially crafted Word file. An attacker who successfully exploited these
vulnerabilities could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights. 

This security update is rated Critical for supported editions of Microsoft
Word 2000 and Microsoft Outlook 2007 and rated Important for supported
editions of Microsoft Word 2002; Microsoft Word 2003; Microsoft Word Viewer
2003 and Microsoft Word Viewer 2003 Service Pack 3; Microsoft Word 2007;
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
File Formats; and Microsoft Office 2004 for Mac and Microsoft Office 2008
for Mac. For more information, see the subsection, Affected and Non-Affected
Software, in this section. 

Affected Software: 
Microsoft Office Suites and Components 
 * Microsoft Office 2000 Service Pack 3 - Microsoft Word 2000 Service Pack 3 (KB950250) - Remote Code Execution - Critical - MS08-009
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=9215ff71-38c0-416a-b89a-fe3474160f41>
 * Microsoft Office XP Service Pack 3 - Microsoft Word 2002 Service Pack 3 (KB950243) - Remote Code Execution - Important - MS08-009
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=b348a518-221e-4567-a797-999715a8b2ef>
 * Microsoft Office 2003 Service Pack 2 - Microsoft Word 2003 Service Pack 2 (KB950241) - Remote Code Execution - Important - MS08-009
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c>
 * Microsoft Office 2003 Service Pack 3 - Microsoft Word 2003 Service Pack 3 (KB950241) - Remote Code Execution - Important - MS08-009
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c>
 * 2007 Microsoft Office System - Microsoft Word 2007 (KB950113) - Remote Code Execution - Important - None
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>
 * Microsoft Office 2003 Service Pack 3 - Microsoft Outlook 2007 (KB950113) - Remote Code Execution - Critical - None
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>
 * 2007 Microsoft Office System Service Pack 1 - Microsoft Word 2007 Service Pack 1 (KB950113) - Remote Code Execution - Important - None
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>
 * 2007 Microsoft Office System Service Pack 1 - Microsoft Outlook 2007 Service Pack 1 (KB950113) - Remote Code Execution - Critical - None
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>
Other Office Software 
 * Microsoft Word Viewer 2003 (KB950625) - Not applicable - Remote Code Execution - Important - MS08-009
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682>
 * Microsoft Word Viewer 2003 Service Pack 3 (KB950625) - Not applicable - Remote Code Execution - Important - MS07-024
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682>
 * Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats (KB951808) - Not applicable - Remote Code Execution - Important - None
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=2d718f37-c5d1-4e15-a7e1-5a15fedef52f>
 * Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 (KB951808) - Not applicable - Remote Code Execution - Important - None
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=2d718f37-c5d1-4e15-a7e1-5a15fedef52f>
Microsoft Office for Mac 
 * Microsoft Office 2004 for Mac (KB952332) - Not applicable - Remote Code Execution - Important - MS08-014
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=99F54471-CCF9-4D94-A882-A05ECD128ADC>
 * Microsoft Office 2008 for Mac (KB952331) - Not applicable - Remote Code Execution - Important - MS08-014
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=395D1487-A3A6-4106-A0F8-4D6E1D6D89D2>

Non-Affected Software: 
 * Microsoft Works 8.0 
 * Microsoft Works 8.5 
 * Microsoft Works 9.0 
 * Microsoft Works Suite 2005 
 * Microsoft Works Suite 2006 

Object Parsing Vulnerability - CVE-2008-1091 
A remote code execution vulnerability exists in the way that Microsoft
Office handles specially crafted Rich Text Format (.rtf) files. The
vulnerability could allow remote code execution if a user opens a specially
crafted .rtf file with malformed strings in Word or previews a specially
crafted .rtf file with malformed strings in rich text e-mail. An attacker
who successfully exploited this vulnerability could take complete control of
an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights. 

CVE Information: 
CVE-2008-1091
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1091>  

Word Cascading Style Sheet (CSS) Vulnerability - CVE-2008-1434 
A remote code execution vulnerability exists in the way that Microsoft Word
handles specially crafted Word files. The vulnerability could allow remote
code execution if a user opens a specially crafted Word file that includes a
malformed CSS value. An attacker who successfully exploited this
vulnerability could take complete control of an affected system. An attacker
could then install programs; view, change, or delete data; or create new
accounts with full user rights. 

CVE Information: 
CVE-2008-1434
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1434>  

Mitigating Factors: 
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factors may be
helpful in your situation: 

 * In a Web-based attack scenario, an attacker could host a Web site that
contains a Web page that is used to exploit this vulnerability. In addition,
compromised Web sites and Web sites that accept or host user-provided
content or advertisements could contain specially crafted content that could
exploit this vulnerability. In all cases, however, an attacker would have no
way to force users to visit these Web sites. Instead, an attacker would have
to persuade users to visit the Web site, typically by getting them to click
a link in an e-mail message or Instant Messenger message that takes users to
the attacker's Web site. 

 * An attacker who successfully exploited this vulnerability could gain the
same user rights as the local user. Users whose accounts are configured to
have fewer user rights on the system could be less impacted than users who
operate with administrative user rights. 

 * Users who have installed and are using the Office Document Open
Confirmation Tool for Office 2000 will be prompted with Open, Save, or
Cancel before opening a document. The features of the Office Document Open
Confirmation Tool are incorporated in Office XP and later editions of
Office. 

Workarounds: 
Workaround refers to a setting or configuration change that does not correct
the underlying vulnerability but would help block known attack vectors
before you apply the update. Microsoft has tested the following workarounds
and states in the discussion whether a workaround reduces functionality. 

 * Use Microsoft Office File Block policy to prevent the opening of Office
2003 and earlier documents from unknown or untrusted sources and locations. 

The following registry scripts can be used to set the File Block policy. 

Note: Modifying the Registry incorrectly can cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee
that problems resulting from incorrect modification of the Registry can be
solved. Modify the Registry at your own risk. 

For Office 2003 

Windows Registry Editor Version 5.00 

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock] 

"HTMLFiles"=dword:00000001 

Note: In order to use 'FileOpenBlock' with Office 2003, all of the latest
Office 2003 security updates as of May 2007 must be applied. 

Impact of Workaround: Users who have configured the File Block policy and
have not configured a special exempt directory as discussed in Microsoft
Knowledge Base Article 922848 will be unable to open HTML documents in Word
or Outlook. 

How to undo the workaround: 

Windows Registry Editor Version 5.00 

[HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock] 

"HTMLFiles"=dword:00000000 

For Office 2007 

Windows Registry Editor Version 5.00 

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock] 

"HTMLFiles"=dword:00000001 

Note: In order to use 'FileOpenBlock' with Office 2007, all of the latest
Office 2007 security updates as of May 2007 must be applied. 

Impact of Workaround: Users who have configured the File Block policy and
have not configured a special exempt directory as discussed in Microsoft
Knowledge Base Article 922848 will be unable to open HTML documents in Word
2003 or 2007 Microsoft Office System. 

How to undo the workaround: 

Windows Registry Editor Version 5.00 

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock] 

"HTMLFiles"=dword:00000000 

 * Do not open or save Microsoft Office files that you receive from
untrusted sources or that you receive unexpectedly from trusted sources.
This vulnerability could be exploited when a user opens a specially crafted
file. 
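
To confirm that the File Block workaround above is actually in effect for the logged-on user, the following PowerShell audit reads the two HTMLFiles values that the registry scripts set. It is an added example, not part of the Microsoft bulletin or the SecuriTeam advisory; the function name Get-FileBlockState and the state labels it returns are hypothetical.

```powershell
# Added example: audit the MS08-026 File Block workaround for the current user.
# The key paths and the HTMLFiles value name are taken from the advisory text;
# the function name and state labels are illustrative.
$targets = @(
    @{ Office = 'Office 2003'
       Path   = 'HKCU:\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock' },
    @{ Office = 'Office 2007'
       Path   = 'HKCU:\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock' }
)

function Get-FileBlockState {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Name = 'HTMLFiles'
    )
    # Key absent: the workaround was never applied for this Office version.
    if (-not (Test-Path -LiteralPath $Path)) { return 'KeyMissing' }

    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $Name) { return 'ValueMissing' }

    # The advisory's scripts write a DWORD; flag any other type for review.
    if ($key.GetValueKind($Name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return 'WrongType'
    }

    # 1 = workaround applied, 0 = workaround undone (per the advisory's scripts).
    if ($key.GetValue($Name) -eq 1) { 'Blocked' } else { 'NotBlocked' }
}

$report = foreach ($t in $targets) {
    [pscustomobject]@{
        Office = $t.Office
        State  = Get-FileBlockState -Path $t.Path
        Path   = $t.Path
    }
}

$report | Format-Table -AutoSize
```

Because both keys live under HKEY_CURRENT_USER, the result applies only to the account that runs the script, so run it per user (for example from a logon script) rather than once per machine.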

Additional Information: 
The information has been provided by Microsoft Product Security. 
The original article can be found at:
http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx 
