Microsoft WordPad and Office Text Converter Memory Corruption Vulnerability (MS09-010)

2009-04-25T00:00:00
ID SSV:5103
Type seebug
Reporter Root
Modified 2009-04-25T00:00:00

Description

BUGTRAQ ID: 29769
CVE(CAN) ID: CVE-2009-0087

WordPad is a simple text editing tool provided under Accessories in the Windows operating system.

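If a user opens a specially crafted Word 6 file containing malformed data, a memory corruption vulnerability in WordPad and Microsoft Office could lead to arbitrary code execution.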

Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows 2000 SP4
Microsoft Word 2002 SP3
Microsoft Word 2000 SP3

Workarounds:

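  • Do not use affected versions of WordPad or Microsoft Office to open or save Microsoft Office files received from untrusted sources, or received unexpectedly from trusted sources.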

  • Disable the Word 6 converter by restricting access:

echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd6.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd632.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd632.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd632.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd632.cnv" /E /P everyone:N
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd664.wpc" /E /P everyone:N
echo y| cacls "%ProgramFiles(x86)%\Windows NT\Accessories\mswrd6.wpc" /E /P everyone:N
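A read-only check that the access restriction above took effect on a host, as an added example (not part of the advisory or of Microsoft's bulletin). It assumes PowerShell 2.0 or later and that `cacls /E /P everyone:N` shows up as a Deny ACE for Everyone (S-1-1-0); the function name `Get-ConverterStatus` is hypothetical.

```powershell
# Added example: audit the Word 6 converter workaround on one host (read-only).
# Assumption: "cacls /E /P everyone:N" leaves a Deny ACE for Everyone (S-1-1-0).
$sidType = [System.Security.Principal.SecurityIdentifier]
$readBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData

$pf   = $env:ProgramFiles
$pf86 = ${env:ProgramFiles(x86)}   # empty on 32-bit Windows

# The converter files named in the advisory's cacls commands.
$paths = @(
    "$pf\Windows NT\Accessories\mswrd6.wpc",
    "$pf\Windows NT\Accessories\mswrd664.wpc",
    "$pf\Common Files\Microsoft Shared\TextConv\mswrd632.wpc",
    "$pf\Common Files\Microsoft Shared\TextConv\mswrd632.cnv"
)
if ($pf86) {
    $paths += "$pf86\Windows NT\Accessories\mswrd6.wpc"
    $paths += "$pf86\Common Files\Microsoft Shared\TextConv\mswrd632.wpc"
    $paths += "$pf86\Common Files\Microsoft Shared\TextConv\mswrd632.cnv"
}

function Get-ConverterStatus {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return 'NotPresent' }
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # A deny-all ACE also blocks reading the ACL for accounts that do not own the file.
        return 'AclUnreadable'
    }
    # Resolve trustees to SIDs so the check does not depend on a localized "Everyone" name.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq 'S-1-1-0' -and
            $ace.AccessControlType -eq 'Deny' -and
            ([int]$ace.FileSystemRights -band $readBit)) {
            return 'Blocked'
        }
    }
    return 'NotBlocked'
}

$paths | ForEach-Object {
    New-Object PSObject -Property @{ Path = $_; Status = (Get-ConverterStatus $_) }
} | Format-Table Path, Status -AutoSize
```

A `NotBlocked` row means the converter is installed and still loadable; `AclUnreadable` needs a re-run from an account that owns the file.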

Vendor patch:

Microsoft

Microsoft has released a security bulletin (MS09-010) and a corresponding patch for this issue:
MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
Link: http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx?pf=true

                                        
                                            
http://www.nullcode.com.ar/ncs/crash/video.htm
http://www.nullcode.com.ar/ncs/crash/video2.htm