790 matches found
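Microsoft Office Memory Corruption Vulnerability (CVE-2015-1641)
Source: http://drops.wooyun.org/papers/9809 Microsoft Office Memory Corruption Vulnerability 0x01 Vulnerability Overview In April of this year, Microsoft patched a Word type confusion vulnerability named CVE-2015-1641. An attacker can craft an RTF document with an embedded docx to carry out the attack. When Word parses a docx document and handles the displacedByCustomXML attribute, it does not validate the customXML object, so other tag objects can be passed in for processing. This causes type confusion and leads to an arbitrary memory write; with carefully crafted tags and corresponding attribute values, the end result can be remote arbitrary code execution. According to Microsoft's official MS15-33 security bulletin, this vulnerability affects Office 2007...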
Word type confusion vulnerability CVE-2015-1641 analysis - vulnerability warning - the black bar safety net
Vulnerability overview: In April of this year, Microsoft patched a Word type confusion vulnerability named CVE-2015-1641; an attacker can construct an RTF document with an embedded docx to attack. Word in parsing the docx document processing displacedByCustomXML attribute not customXML object for...
Microsoft Outlook RTF Embedded Object Security Bypass (CVE-2004-0503)
A security bypass vulnerability exists in Microsoft Outlook. The vulnerability is due to a lack of validation for certain OLE objects attached to RTF messages. A successful exploitation may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-locati...
Researchers Outline New Italian RAT uWarrior
Details have come to light about a new remote access Trojan called uWarrior that arrives embedded in a rigged .RTF document. Researchers with Palo Alto Networks’ research division, Unit 42, described the malware and how it appears to have emanated from an “unknown actor of Italian origin,” in a...
MS15-069: Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
The remote Windows host is affected by multiple remote code execution vulnerabilities : - A remote code execution vulnerability exists due to improper handling of the loading of dynamic link library DLL files. A remote attacker can exploit this vulnerability by placing a specially crafted DLL fil...
Microsoft Word Intruder RTF FILE
Malicious word documents can be created using Microsoft Word Intruder MWI. This tool can be used in targeted attacks. Successful infection will allow the attacker to download additional malware to the target...
[USN-2578-1] LibreOffice vulnerabilities
========================================================================== Ubuntu Security Notice USN-2578-1 April 27, 2015 libreoffice vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
Ubuntu 14.04 LTS : LibreOffice vulnerabilities (USN-2578-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2578-1 advisory. Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF...
Ubuntu: Security Advisory (USN-2578-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2578-1: LibreOffice vulnerabilities
Alexander Cherepanov discovered that LibreOffice incorrectly handled certain RTF files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. CVE-2014-9093 It was discovered that LibreOffice...
CVE-2015-1641
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute...
Microsoft Office RTF Stack Buffer Overflow (MS10-087) - Ver2 (CVE-2010-3333)
RTF provides a format for text and graphics interchange that can be used with different operating systems. A buffer overflow vulnerability has been identified in the way Microsoft Office parses Rich Text Format (RTF) files. The vulnerability is due to an error in Microsoft Office that fails to...
Microsoft Word RTF listoverridecount Memory Corruption - Ver2 (CVE-2014-1761)
A memory corruption vulnerability has been reported in Microsoft Word. The vulnerability is due to improper handling of structures when parsing a specially crafted RTF document. An attacker could exploit this vulnerability by enticing the target user to open a specially crafted RTF file. Successf...
Microsoft Word RTF Object Parsing Memory Corruption (MS08-072) - Ver2 (CVE-2008-4030)
Rich Text Format (RTF) provides a format for text and graphics interchange that can be used with different operating systems. OLE is the technology that applications use to create and edit compound documents. By using OLE technology, an application can provide embedding and linking support. A remot...
Microsoft Office Word 2007 - RTF Object Confusion (ASLR and DEP Bypass) Exploit
Exploit for windows platform in category local exploits Title : Microsoft Office Word 2007 - RTF Object Confusion ASLR and DEP bypass Date : 28/02/2015 Author : R-73eN Software : Microsoft Office Word 2007 Tested : Windows 7 Starter import sys Windows Message Box / all versions . Thanks to Giusep...
Microsoft-Office-Word-2007-RTF
Title : Microsoft Office Word 2007 - RTF Object Confusion ASLR and DEP bypass Date : 28/02/2015 Author : R-73eN Software : Microsoft Office Word 2007 Tested : Windows 7 Starter import sys Windows Message Box / all versions shellcode =...
CVE-2015-0086
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP...
CVE-2015-0086
CVE-2015-0086 affects Microsoft Office/Word products including Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold/SP1, Word 2013 RT Gold/SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Serve...