Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:553
HistoryNov 22, 2006 - 12:00 a.m.

Microsoft Office嵌入Shockwave Flash对象绕过安全限制漏洞(MS06-069)

2006-11-2200:00:00
Root
www.seebug.org
26
JSON

Microsoft Excel是非常流行的电子表格办公软件。

Microsoft Excel对文件中的对象处理存在漏洞,攻击者可能利用此漏洞在用户机器上执行任意指令。

攻击可以使用Shockwave Flash Object将有Java脚本的恶意Flash文件嵌入到Excel表单中,这样如果用户打开了该文件的话便无需用户交互便自动运行该对象。

Microsoft Excel 2003
Microsoft Office 2003
Microsoft已经为此发布了一个安全公告(MS06-069)以及相应补丁:
MS06-069:Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
链接:<a href=“http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx” target=“_blank”>http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx</a>


                                                http://hackingspirits.com/vuln-rnd/xls-embed-swf-expl.zip
JSON