Microsoft Word 2000 WordPerfect转换器栈溢出漏洞(MS09-010)

2009-04-16T00:00:00
ID SSV:5049
Type seebug
Reporter Root
Modified 2009-04-16T00:00:00

Description

BUGTRAQ ID: 34469 CVE(CAN) ID: CVE-2009-0088

Word是微软Office套件中的文件处理工具。

Word可以通过应用过滤器模块将其他应用程序所创建的文档转换为Word可使用的格式。Word 2000所使用的WordPerfect 6.x转换器的转换代码没有对数据结构所分配的长度正确的验证计数器,如果解析了特制的WordPerfect文档就可能触发栈溢出,导致执行任意代码。

Microsoft Word 2000 SP3 临时解决方法:

  • 不要打开或保存从不可信任来源接收到的或从可信任来源意外接收到的Microsoft Office文件。

  • 通过限制对wpft632.cnv的访问禁用Office文本转换器:

echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wpft632.cnv" /E /P everyone:N echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\wpft632.cnv" /E /P everyone:N

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS09-010)以及相应补丁: MS09-010:Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) 链接:<a href=http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx?pf=true target=_blank rel=external nofollow>http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx?pf=true</a>

补丁下载: <a href=http://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415 target=_blank rel=external nofollow>http://www.microsoft.com/downloads/details.aspx?familyid=95876927-e612-414c-bdec-3632a3100415</a> <a href=http://www.microsoft.com/downloads/details.aspx?familyid=d763fae3-b2af-47f9-a554-ec786766b3c3 target=_blank rel=external nofollow>http://www.microsoft.com/downloads/details.aspx?familyid=d763fae3-b2af-47f9-a554-ec786766b3c3</a>