漏洞信息详情
Microsoft Office Web Components ActiveX 控件 缓冲区溢出漏洞
- CNNVD编号:CNNVD-200908-130
- 危害等级: 超危
- CVE编号: CVE-2009-1534
- 漏洞类型: 缓冲区溢出
- 发布时间: 2009-08-12
- 威胁类型: 远程
- 更新时间: 2009-08-12
- 厂 商: microsoft
- 漏洞来源: Sean Larsson of Ve...
漏洞简介
Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, 以及 Visual Studio .NET 2003 SP1的Office Web Components ActiveX 控件中存在缓冲区溢出,该漏洞会允许远程攻击者通过精心设计的属性值来执行任意代码,该漏洞又称作 \"Office Web 组件缓冲区溢出漏洞\"。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Office XP SP3
Microsoft Security Update for Microsoft Office XP Web Components (KB947320)
http://www.microsoft.com/downloads/details.aspx?familyid=60e2e4e7-aa75 -441d-b6fc-7e850bf8e580
Microsoft Office XP Web Components SP3
Microsoft Security Update for Microsoft Office XP Web Components (KB947320)
http://www.microsoft.com/downloads/details.aspx?familyid=60e2e4e7-aa75 -441d-b6fc-7e850bf8e580
Microsoft Office 2000 Web Components SP3
Microsoft Security Update for Microsoft Office XP Web Components (KB947320)
http://www.microsoft.com/downloads/details.aspx?familyid=60e2e4e7-aa75 -441d-b6fc-7e850bf8e580
参考网址
来源: US-CERT
名称: TA09-223A
链接:http://www.us-cert.gov/cas/techalerts/TA09-223A.HTML
来源: BID
名称: 35992
链接:http://www.securityfocus.com/bid/35992
来源: MS
名称: MS09-043
链接:http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx
来源: SECTRACK
名称: 1022708
链接:http://www.securitytracker.com/id?1022708
来源: OSVDB
名称: 56916
链接:http://osvdb.org/56916
受影响实体
- Microsoft Biztalk_server:2002
- Microsoft Visual_studio_.Net:2003:Sp1
- Microsoft Office:-:Small_business_accounting_2006
- Microsoft Isa_server:2006:Sp1:Standard
- Microsoft Isa_server:2006:Sp1:Enterprise
补丁
暂无
评论