Lucene search
RootSSV:19776HistoryJun 10, 2010 - 12:00 a.m.
Microsoft Office COM对象验证远程代码执行漏洞(MS10-036)
2010-06-1000:00:00
Root
www.seebug.org
15
0.899 High
EPSS
Percentile
98.5%
BUGTRAQ ID: 40574
CVE ID: CVE-2010-1263
Microsoft Office是非常流行的办公软件套件。
Office中的组件在实例化对象时没有充分地验证COM对象,用户受骗打开了恶意的Excel、PowerPoint、Publisher、Visio 或Word文档就会导致执行任意代码。
Microsoft Office XP SP3
Microsoft Office 2007 SP2
Microsoft Office 2007 SP1
Microsoft Office 2003 Service Pack 3
临时解决方法:
- 不要打开从不受信任来源或从受信任来源意外收到的Office文件。
厂商补丁:
Microsoft
Microsoft已经为此发布了一个安全公告(MS10-036)以及相应补丁:
MS10-036:Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
链接:http://www.microsoft.com/technet/security/bulletin/MS10-036.mspx?pf=true
Related
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
cve
cve
CVE-2010-1263
2010-06-08 20:30:00
nessus
nessus
MS10-083: Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
2010-10-13 00:00:00
MS10-036: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
2010-06-09 00:00:00
Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)
2018-04-03 00:00:00
mskb
mskb
openvas
openvas
Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
2010-10-13 00:00:00
Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
2010-06-09 00:00:00
Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
2010-10-13 00:00:00
cvelist
cvelist
CVE-2010-1263
2010-06-08 20:00:00
prion
prion
Input validation
2010-06-08 20:30:00