Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11604
HistoryJun 13, 2009 - 12:00 a.m.

Microsoft Office Works文件转换器栈溢出漏洞(MS09-024)

2009-06-1300:00:00
Root
www.seebug.org
11

0.877 High

EPSS

Percentile

98.4%

JSON

BUGTRAQ ID: 35184
CVE(CAN) ID: CVE-2009-1533

Works是微软的家用综合软件,提供基本的能提高生活效率的工具,如简单的文档处理、数据库、电子表格的入门级办公包功能。

Windows文件转换器的Works处理特制Works文件的方式中存在栈溢出漏洞。如果用户打开了包含有超长字体名的特制.wps文件,就可以触发这个溢出,导致执行任意代码。

Microsoft Office XP SP3
Microsoft Office 2007 SP1
Microsoft Office 2003 Service Pack 3
Microsoft Office 2000 SP3
Microsoft Works 9.0
Microsoft Works 8.5
临时解决方法:

  • 对于Word 2000和Word 2002,通过限制访问来禁用Works 4.x转换器。

对于Microsoft Windows 2000、Windows XP和Windows Server 2003,通过命令提示符运行以下命令:

cacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /E /P everyone:N
cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /E /P everyone:N

对于Vista/Server 2008,从提升的命令提示符处运行下列命令:

takeown /f "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv"
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /save works432_ACL.TXT
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /deny everyone:(F)
takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv"
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /save works432_ACL.TXT
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /deny everyone:(F)

  • 对于安装了Microsoft Works 6–9文件转换器的Word 2003和Word 2007,通过限制访问来禁用Works 6-9转换器。

对于Microsoft Windows 2000、Windows XP和Windows Server 2003,通过命令提示符运行以下命令:

cacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /E /P everyone:N
cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /E /P everyone:N

对于Windows Vista和Windows Server 2008,从提升的命令提示符处运行下列命令:

takeown /f "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv"
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /save works632_ACL.TXT
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /deny everyone:(F)
takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv"
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /save works632_ACL.TXT
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /deny everyone:(F)

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS09-024)以及相应补丁:
MS09-024:Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
链接:<a href=“http://www.microsoft.com/technet/security/Bulletin/MS09-024.mspx?pf=true” target=“_blank”>http://www.microsoft.com/technet/security/Bulletin/MS09-024.mspx?pf=true</a>

Related

cve 1
prion 1
saint 4
securityvulns 1
jvn 1
checkpoint_advisories 1
nessus 1
cve
cve
CVE-2009-1533
2009-06-10 18:00:00
prion
prion
Buffer overflow
2009-06-10 18:00:00
saint
saint
Microsoft Works File Converter FontName buffer overflow
2009-06-15 00:00:00
Microsoft Works File Converter FontName buffer overflow
2009-06-15 00:00:00
Microsoft Works File Converter FontName buffer overflow
2009-06-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-024 - Critical Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution &#40;957632&#41;
2009-06-10 00:00:00
jvn
jvn
JVN#70858401 Buffer overflow vulnerability in Microsoft Works converters
2009-06-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Works Oversized Font Buffer Overflow (MS09-024; CVE-2009-1533)
2009-06-09 00:00:00
nessus
nessus
MS09-024: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
2009-06-10 00:00:00

0.877 High

EPSS

Percentile

98.4%

JSON
Related for SSV:11604
cve1prion1saint4securityvulns1jvn1checkpoint_advisories1nessus1