Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability (MS09-010)

2009-04-16T00:00:00
ID SSV:5048
Type seebug
Reporter Root
Modified 2009-04-16T00:00:00

Description

BUGTRAQ ID: 34470
CVE(CAN) ID: CVE-2009-0235

WordPad is a word-processing application installed by default on all Windows systems.

If a user opens a specially crafted Word file, memory corruption in WordPad could lead to remote code execution.

Affected systems:

Microsoft Windows XP x64 SP2
Microsoft Windows XP x64
Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows 2000 SP4

Workaround:

  • Disable the Word 6 converter by restricting access to mswrd8.wpc

echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd832.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd832.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd864.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N

Vendor patch:

Microsoft

Microsoft has released a security bulletin (MS09-010) and a corresponding patch for this issue:
MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
Link: http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx?pf=true