漏洞信息详情
Microsoft Excel对象类型混淆远程代码执行漏洞
- CNNVD编号:CNNVD-201003-144
- 危害等级: 超危
- CVE编号: CVE-2010-0258
- 漏洞类型: 代码注入
- 发布时间: 2010-03-10
- 威胁类型: 远程
- 更新时间: 2011-07-12
- 厂 商: microsoft
- 漏洞来源: Sean Larsson
漏洞简介
Microsoft Excel是美国微软(Microsoft)公司Office套件中的一款电子表格处理软件。
Microsoft Excel在解析XSL文件中的畸形BRAI BIFF记录时存在内存破坏漏洞。多个记录之间所共享的包含有识别对象类型字段的记录可能导致类型混淆。用户受骗打开了特制的Excel文档就可以触发这个漏洞。通过控制所分配堆块边界之外的内存,远程攻击者就可以控制虚函数调用中所使用的C++对象指针,导致将内存区处理为不同的对象类型,越界访问所分配的对象。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Office 2008 for Mac 0
Microsoft Microsoft Office 2008 for Mac 12.2.4 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=e0ed1569-ab2f -407c-b728-4eddc463c385
Microsoft Excel 2003 SP3
Microsoft Security Update for Microsoft Office Excel 2003 (KB978474)
http://www.microsoft.com/downloads/details.aspx?familyid=7E42793E-747B -48DA-968A-1EC29EA37151
Microsoft Office Compatibility Pack 2007 SP2
Microsoft Security Update for the 2007 Microsoft Office System (KB978380)
http://www.microsoft.com/downloads/details.aspx?familyid=314F076E-8F9D -46C2-B666-86599A02BF15
Microsoft Office Compatibility Pack 2007 SP1
Microsoft Security Update for the 2007 Microsoft Office System (KB978380)
http://www.microsoft.com/downloads/details.aspx?familyid=314F076E-8F9D -46C2-B666-86599A02BF15
Microsoft Open XML File Format Converter for Mac 0
Microsoft Open XML File Format Converter for Mac 1.1.4
http://www.microsoft.com/downloads/details.aspx?FamilyID=4c5487d5-c912 -4087-8c83-769e3fb78ea9
Microsoft Excel Viewer SP1
Microsoft Security Update for Microsoft Office Excel Viewer (KB978383)
http://www.microsoft.com/downloads/details.aspx?familyid=010D0A4D-02A4 -4142-963B-A38CD06CC897
Microsoft Excel 2007 SP2
Microsoft Security Update for Microsoft Office Excel 2007 (KB978382)
http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB -4A59-97E4-7CE047F100A5
Microsoft Excel 2007 SP1
Microsoft Security Update for Microsoft Office Excel 2007 (KB978382)
http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB -4A59-97E4-7CE047F100A5
Microsoft Excel 2002 SP3
Microsoft Security Update for Microsoft Excel 2002 (KB978471)
http://www.microsoft.com/downloads/details.aspx?familyid=E0136F62-60CE -4EBD-8660-BE81EBA29AE8
Microsoft Office 2004 for Mac 0
Microsoft Microsoft Office 2004 for Mac 11.5.8 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=ae5936f8-fe3f -4d23-a37c-d80f228e475e
Microsoft Excel Viewer SP2
Microsoft Security Update for Microsoft Office Excel Viewer (KB978383)
http://www.microsoft.com/downloads/details.aspx?familyid=010D0A4D-02A4 -4142-963B-A38CD06CC897
参考网址
来源: MS
名称: MS10-017
链接:http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
来源:NSFOCUS 名称:14613 链接:http://www.nsfocus.net/vulndb/14613
受影响实体
- Microsoft Excel:2002:Sp3
- Microsoft Excel:2003:Sp3
- Microsoft Office_sharepoint_server:2007:Sp2:X64
- Microsoft Office_sharepoint_server:2007:Sp1:X64
- Microsoft Office_sharepoint_server:2007:Sp2:X32
补丁
暂无
评论