Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3828
HistoryAug 14, 2008 - 12:00 a.m.

Microsoft Office WPG图形文件处理堆溢出漏洞(MS08-044)

2008-08-1400:00:00
Root
www.seebug.org
14

0.697 Medium

EPSS

Percentile

98.0%

JSON

BUGTRAQ ID: 30598
CVE(CAN) ID: CVE-2008-3021

Microsoft Office是非常流行的办公软件套件。

Office的WPGIMP32.FLT模块没有正确地处理office文档中的PICT图形,如果PICT图形文件中包含有超长的bits_per_pixel字段的话,则打开该文件就可能触发堆溢出,导致执行任意代码。

Microsoft Office XP SP3
Microsoft Office Converter Pack
Microsoft Office 2003 Service Pack 2
Microsoft Office 2000 SP3
Microsoft Works 8.0
临时解决方法:

  • 修改存取控制表以拒绝所有用户对WPG32.FLT的访问

    注册表方法

    1. 单击“开始”,单击“运行”,键入regedit.exe,然后单击“确定”。
    2. 导航到HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Graphics Filters\Import\WPG。
    3. 记下Path的值。 在资源管理器中,导航到作为Path的值列出的WPG32.FLT文件。
    4. 右键单击WPG32.FLT文件并选择“属性”。
    5. 在“安全”选项卡上单击“高级”。
    6. 取消选择“允许可继承的权限从父对象传送到此对象…”并单击“删除”。
    7. 单击“确定”、“是”和“确定”。

    脚本方法

    对于Windows XP的所有受支持的32位版本,通过命令提示符运行以下命令
    cacls "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT" /E /P everyone:N

    对于Windows XP的所有受支持的基于x64的版本,通过命令提示符运行以下命令:
    cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT" /E /P everyone:N

    对于Windows Vista和Windows Server 2008的所有受支持的32位版本,以管理员身份通过命令提示符运行下列命令:
    takeown /f "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT"
    icacls "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT" /save %TEMP%\WPG IMP32 _ACL.TXT
    icacls "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT" /deny everyone:(F)

    对于Windows Vista和Windows Server 2008的所有受支持的基于x64的版本,以管理员身份通过命令提示符运行下列命令:
    takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT"
    icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT" /save %TEMP%\WPG IMP32 _ACL.TXT
    icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT" /deny everyone:(F)

  • 不要打开或保存从不受信任来源或从受信任来源意外收到的文档。

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS08-044)以及相应补丁:
MS08-044:Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
链接:<a href=“http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx?pf=true” target=“_blank”>http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx?pf=true</a>

Related

zdi 1
checkpoint_advisories 2
securityvulns 3
prion 2
cvelist 2
nvd 2
cve 2
nessus 1
openvas 2
zdi
zdi
Microsoft Windows Graphics Rendering Engine PICT Heap Corruption Vulnerability
2008-08-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office PICT Filter Map Structure Memory Corruption - Ver2 (CVE-2008-3021)
2014-04-16 00:00:00
Microsoft Office PICT Filter Map Structure Memory Corruption (MS08-044; CVE-2008-3021)
2008-08-12 00:00:00
securityvulns
securityvulns
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption
2008-08-13 00:00:00
Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution &#40;924090&#41;
2008-08-12 00:00:00
Microsoft Office / Word / Excel / Power Point multiple security vulnerabilities
2008-08-13 00:00:00
prion
prion
Design/Logic Flaw
2008-08-12 23:41:00
Security feature bypass
2008-08-12 23:41:00
cvelist
cvelist
CVE-2008-3021
2008-08-12 23:00:00
CVE-2008-3018
2008-08-12 23:00:00
nvd
nvd
CVE-2008-3018
2008-08-12 23:41:00
CVE-2008-3021
2008-08-12 23:41:00
cve
cve
CVE-2008-3018
2008-08-12 23:41:00
CVE-2008-3021
2008-08-12 23:41:00
nessus
nessus
MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
2008-08-13 00:00:00
openvas
openvas
Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
2008-08-19 00:00:00
Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (924090)
2008-08-19 00:00:00

0.697 Medium

EPSS

Percentile

98.0%

JSON
Related for SSV:3828
zdi1checkpoint_advisories2securityvulns3prion2cvelist2nvd2cve2nessus1openvas2