BUGTRAQ ID: 27659
CVE(CAN) ID: CVE-2008-0108
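Microsoft Works is a document-processing program released by Microsoft in its early days.
The Works file converter contains a vulnerability in its handling of malformed field-length information. A remote attacker could exploit it to take control of a user's system.
When converting a Microsoft Works document (.wps) to Rich Text Format (RTF), the Works file converter (wkcvqd01.dll) does not properly validate field-length information. If an attacker creates a specially crafted Works document and modifies certain fields in it (such as length or count values), a stack overflow can be triggered, leading to execution of arbitrary instructions.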
Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Works Suite 2005
Microsoft Works 8.0
Workarounds:
Windows XP:
Echo y| cacls "%ProgramFiles%\Common Files\Microsoft shared\TextConv\wkcvqd01.dll" /E /P everyone:N
Windows Vista:
Takeown.exe /f "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll"
Icacls.exe "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /save %TEMP%\wkcvqd01_ACL.TXT
Icacls.exe "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /deny everyone:(F)
Windows XP:
md "%ProgramFiles%\Common Files\Microsoft Shared\TextConv"
echo Placeholder > "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll"
Echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /E /P everyone:N
Windows Vista:
md "%ProgramFiles%\Common Files\Microsoft Shared\TextConv"
echo Placeholder > "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll"
Icacls.exe "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /deny everyone:(F)
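To confirm on a host that the restriction above is actually in effect, the following added example (not part of the original advisory) reports the state of wkcvqd01.dll. The function name and status strings are illustrative, the default path is the one used in the commands above, and `-LiteralPath` on `Get-Acl` assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the advisory): report whether the ACL workaround
# is in effect for the Works converter DLL named in the advisory.
function Get-WorksConverterState {
    param(
        # Default is the path used by the advisory's commands; override if needed.
        [string]$Path = (Join-Path $env:ProgramFiles 'Common Files\Microsoft Shared\TextConv\wkcvqd01.dll')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return 'Absent: no converter and no placeholder file'
    }

    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        if ($_.Exception -is [System.UnauthorizedAccessException]) {
            # A deny-all ACE also blocks reading the ACL unless the caller owns the file.
            return 'Restricted: ACL unreadable (access denied to this account)'
        }
        throw
    }

    # Resolve ACEs to SIDs so the check does not depend on the localized name of "Everyone".
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $full    = [System.Security.AccessControl.FileSystemRights]::FullControl
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $isEveryone = $ace.IdentityReference.Value -eq 'S-1-1-0'   # well-known SID: Everyone
        $isDeny     = $ace.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny
        $denyAll    = ($ace.FileSystemRights -band $full) -eq $full
        if ($isEveryone -and $isDeny -and $denyAll) {
            return 'Restricted: Everyone is denied full control'
        }
    }
    return 'Unrestricted: file present, no deny-all ACE for Everyone'
}

Get-WorksConverterState
```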
Vendor patch:
Microsoft has released a security bulletin (MS08-011) and corresponding patches for this issue:
MS08-011: Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx?pf=true