Lucene search
RootSSV:19249HistoryMar 10, 2010 - 12:00 a.m.
Microsoft Excel XLSX文件解析远程代码执行漏洞(MS10-017)
2010-03-1000:00:00
Root
www.seebug.org
16
0.957 High
EPSS
Percentile
99.3%
BUGTRAQ ID: 38554
CVE ID: CVE-2010-0263
Excel是微软Office套件中的电子表格工具。
XLSX文件是组成新的开放XML文档相关内容的ZIP档案文件。在解压XLSX文件中的某些XML元素时由于没有验证ZIP头,可能会导致执行未初始化的内存。成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。
Microsoft Excel Viewer SP2
Microsoft Excel Viewer SP1
Microsoft Excel 2007 SP2
Microsoft Excel 2007 SP1
Microsoft Office SharePoint Server 2007 SP2
Microsoft Office SharePoint Server 2007 SP1
厂商补丁:
Microsoft
Microsoft已经为此发布了一个安全公告(MS10-017)以及相应补丁:
MS10-017:Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
链接:http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx?pf=true
* 使用Microsoft Office文件阻断策略以防止打开未知或不可信任来源的Office 2007文档。
Related
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2010-0263
2010-03-10 22:30:00
securityvulns
securityvulns
ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
2010-03-10 00:00:00
Microsoft Excel multiple security vulnerabilities
2010-03-11 00:00:00
prion
prion
Remote code execution
2010-03-10 22:30:00
zdi
zdi
Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
2010-03-09 00:00:00
nessus
nessus
openvas
openvas
Microsoft Office Excel Multiple Vulnerabilities (980150)
2010-03-10 00:00:00
Microsoft Office Excel Multiple Vulnerabilities (980150)
2010-03-10 00:00:00