哪有利用代码 2008/5/14, 大风 <[EMAIL PROTECTED]>: > > ------------------------------ > > *发件人:* SecuriTeam [mailto:[EMAIL PROTECTED] > *发送时间:* 2008年5月14日 3:01 > *收件人:* [EMAIL PROTECTED] > *主题:* [NT] Vulnerabilities in Microsoft Word Allows Code Execution > (MS08-026) > > > > The following security advisory is sent to the securiteam mailing list, > and can be found at the SecuriTeam web site: http://www.securiteam.com > > - - promotion > > The SecuriTeam alerts list - Free, Accurate, Independent. > > Get your security news from a reliable source. > http://www.securiteam.com/mailinglist.html > > > - - - - - - - - - > *Vulnerabilities in Microsoft Word Allows Code Execution (MS08-026) * > > This security update resolves several privately reported vulnerabilities > in Microsoft Word that could allow remote code execution if a user opens a > specially crafted Word file. An attacker who successfully exploited these > vulnerabilities could take complete control of an affected system. An > attacker could then install programs; view, change, or delete data; or > create new accounts with full user rights. Users whose accounts are > configured to have fewer user rights on the system could be less impacted > than users who operate with administrative user rights. > > This security update is rated Critical for supported editions of Microsoft > Word 2000 and Microsoft Outlook 2007 and rated Important for supported > editions of Microsoft Word 2002; Microsoft Word 2003; Microsoft Word Viewer > 2003 and Microsoft Word Viewer 2003 Service Pack 3; Microsoft Word 2007; > Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 > File Formats; and Microsoft Office 2004 for Mac and Microsoft Office 2008 > for Mac. For more information, see the subsection, Affected and Non-Affected > Software, in this section. > > *Affected Software:* > *Microsoft Office Suites and Components* > * Microsoft Office 2000 Service Pack 3 - Microsoft Word 2000 Service Pack > 3<http://www.microsoft.com/downloads/details.aspx?FamilyId=9215ff71-38c0-416a-b89a-fe3474160f41>(KB950250) > - Remote Code Execution - Critical - MS08-009 > * Microsoft Office XP Service Pack 3 - Microsoft Word 2002 Service Pack > 3<http://www.microsoft.com/downloads/details.aspx?FamilyId=b348a518-221e-4567-a797-999715a8b2ef>(KB950243) > - Remote Code Execution - Important - MS08-009 > * Microsoft Office 2003 Service Pack 2 - Microsoft Word 2003 Service Pack > 2<http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c>(KB950241) > - Remote Code Execution - Important - MS08-009 > * Microsoft Office 2003 Service Pack 3 - Microsoft Word 2003 Service Pack > 3<http://www.microsoft.com/downloads/details.aspx?FamilyId=bc33d144-f917-47b8-961f-744ca847e14c>(KB950241) > - Remote Code Execution - Important - MS08-009 > * 2007 Microsoft Office System - Microsoft Word > 2007<http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>(KB950113) > - Remote Code Execution - Important - None > * Microsoft Office 2003 Service Pack 3 - Microsoft Outlook > 2007<http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>(KB950113) > - Remote Code Execution - Critical - None > * 2007 Microsoft Office System Service Pack 1 - Microsoft Word 2007 > Service Pack > 1<http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>(KB950113) > - Remote Code Execution - Important - None > * 2007 Microsoft Office System Service Pack 1 - Microsoft Outlook 2007 > Service Pack > 1<http://www.microsoft.com/downloads/details.aspx?FamilyId=071ceaa2-12e3-4401-9331-2a54a93e2550>(KB950113) > - Remote Code Execution - Critical - None > *Other Office Software* > * Microsoft Word Viewer > 2003<http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682>(KB950625) > - Not applicable - Remote Code Execution - Important - MS08-009 > * Microsoft Word Viewer 2003 Service Pack > 3<http://www.microsoft.com/downloads/details.aspx?FamilyId=bce7ea31-2bf0-4930-aff9-837bcc82a682>(KB950625) > - Not applicable - Remote Code Execution - Important - MS07-024 > * Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint > 2007 File > Formats<http://www.microsoft.com/downloads/details.aspx?FamilyId=2d718f37-c5d1-4e15-a7e1-5a15fedef52f>(KB951808) > - Not applicable - Remote Code Execution - Important - None > * Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint > 2007 File Formats Service Pack > 1<http://www.microsoft.com/downloads/details.aspx?FamilyId=2d718f37-c5d1-4e15-a7e1-5a15fedef52f>(KB951808) > - Not applicable - Remote Code Execution - Important - None > *Microsoft Office for Mac* > * Microsoft Office 2004 for > Mac<http://www.microsoft.com/downloads/details.aspx?FamilyId=99F54471-CCF9-4D94-A882-A05ECD128ADC>(KB952332) > - Not applicable - Remote Code Execution - Important - MS08-014 > * Microsoft Office 2008 for > Mac<http://www.microsoft.com/downloads/details.aspx?FamilyId=395D1487-A3A6-4106-A0F8-4D6E1D6D89D2>(KB952331) > - Not applicable - Remote Code Execution - Important - MS08-014 > > *Non-Affected Software:* > * Microsoft Works 8.0 > * Microsoft Works 8.5 > * Microsoft Works 9.0 > * Microsoft Works Suite 2005 > * Microsoft Works Suite 2006 > > *Object Parsing Vulnerability - CVE-2008-1091* > A remote code execution vulnerability exists in the way that Microsoft > Office handles specially crafted Rich Text Format (.rtf) files. The > vulnerability could allow remote code execution if a user opens a specially > crafted .rtf file with malformed strings in Word or previews a specially > crafted .rtf file with malformed strings in rich text e-mail. An attacker > who successfully exploited this vulnerability could take complete control of > an affected system. An attacker could then install programs; view, change, > or delete data; or create new accounts with full user rights. > > *CVE Information:* > CVE-2008-1091<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1091> > > *Word Cascading Style Sheet (CSS) Vulnerability - CVE-2008-1434* > A remote code execution vulnerability exists in the way that Microsoft > Word handles specially crafted Word files. The vulnerability could allow > remote code execution if a user opens a specially crafted Word file that > includes a malformed CSS value. An attacker who successfully exploited this > vulnerability could take complete control of an affected system. An attacker > could then install programs; view, change, or delete data; or create new > accounts with full user rights. > > *CVE Information:* > CVE-2008-1434<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1434> > > *Mitigating Factors:* > Mitigation refers to a setting, common configuration, or general > best-practice, existing in a default state, that could reduce the severity > of exploitation of a vulnerability. The following mitigating factors may be > helpful in your situation: > > * In a Web-based attack scenario, an attacker could host a Web site that > contains a Web page that is used to exploit this vulnerability. In addition, > compromised Web sites and Web sites that accept or host user-provided > content or advertisements could contain specially crafted content that could > exploit this vulnerability. In all cases, however, an attacker would have no > way to force users to visit these Web sites. Instead, an attacker would have > to persuade users to visit the Web site, typically by getting them to click > a link in an e-mail message or Instant Messenger message that takes users to > the attacker's Web site. > > * An attacker who successfully exploited this vulnerability could gain > the same user rights as the local user. Users whose accounts are configured > to have fewer user rights on the system could be less impacted than users > who operate with administrative user rights. > > * Users who have installed and are using the Office Document Open > Confirmation Tool for Office 2000 will be prompted with Open, Save, or > Cancel before opening a document. The features of the Office Document Open > Confirmation Tool are incorporated in Office XP and later editions of > Office. > > *Workarounds:* > Workaround refers to a setting or configuration change that does not > correct the underlying vulnerability but would help block known attack > vectors before you apply the update. Microsoft has tested the following > workarounds and states in the discussion whether a workaround reduces > functionality. > > * Use Microsoft Office File Block policy to prevent the opening of Office > 2003 and earlier documents from unknown or untrusted sources and locations. > > The following registry scripts can be used to set the File Block policy. > > *Note* Modifying the Registry incorrectly can cause serious problems that > may require you to reinstall your operating system. Microsoft cannot > guarantee that problems resulting from incorrect modification of the > Registry can be solved. Modify the Registry at your own risk. > > For Office 2003 > > Windows Registry Editor Version 5.00 > > [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock] > > > "HTMLFiles"=dword:00000001 > > *Note* In order to use 'FileOpenBlock' with Office 2003, all of the latest > Office 2003 security updates as of May 2007 must be applied. > > *Impact of Workaround*: Users who have configured the File Block policy > and have not configured a special exempt directory as discussed in Microsoft > Knowledge Base Article 922848 will be unable to open HTML documents in Word > or Outlook. > > How to undo the workaround: > > Windows Registry Editor Version 5.00 > > [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Word\Security\FileOpenBlock] > > > "HTMLFiles"=dword:00000000 > > For Office 2007 > > Windows Registry Editor Version 5.00 > > [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock] > > > "HTMLFiles"=dword:00000001 > > *Note* In order to use 'FileOpenBlock' with Office 2007, all of the latest > Office 2007 security updates as of May 2007 must be applied. > > *Impact of Workaround*: Users who have configured the File Block policy > and have not configured a special exempt directory as discussed in Microsoft > Knowledge Base Article 922848 will be unable to open HTML documents in Word > 2003 or 2007 Microsoft Office System. > > How to undo the workaround: > > Windows Registry Editor Version 5.00 > > [HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock] > > > "HTMLFiles"=dword:00000000 > > * Do not open or save Microsoft Office files that you receive from > untrusted sources or that you receive unexpectedly from trusted sources. > This vulnerability could be exploited when a user opens a specially crafted > file. > > *Additional Information: * > The information has been provided by *Microsoft Product Security*. > The original article can be found at: > http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx > > ================================================================================ > > > > > > > This bulletin is sent to members of the SecuriTeam mailing list. > To unsubscribe from the list, send mail with an empty subject line and > body to: [EMAIL PROTECTED] > In order to subscribe to the mailing list and receive advisories in HTML > format, simply forward this email to: [EMAIL PROTECTED] > > ================================================================================ > > ================================================================================ > > > DISCLAIMER: > The information in this bulletin is provided "AS IS" without warranty of > any kind. > In no event shall we be liable for any damages whatsoever including > direct, indirect, incidental, consequential, loss of business profits or > special damages. > > > > > > > >
--~--~---------~--~----~------------~-------~--~----~ 要向邮件组发送邮件,请发到 [email protected] 要退订此邮件,请发邮件至 [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
