Microsoft Excel COUNTRY Record Memory Corruption Vulnerability (MS08-043)

SEBUGID:SSD-20080813846
Published:2008-08-12
Vulnerable:
Microsoft Excel Viewer 2003 SP3
Microsoft Excel Viewer 2003
Microsoft Excel Viewer
Microsoft Excel 2007 SP1
Microsoft Excel 2007
Microsoft Excel 2003 SP3
Microsoft Excel 2003 SP2
Microsoft Excel 2002 SP3
Microsoft Excel 2000 SP3
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
Microsoft Office SharePoint Server 2007 SP1
Microsoft Office SharePoint Server 2007
Description:
BUGTRAQ ID: 30640
CVE(CAN) ID: CVE-2008-3006

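Excel is the spreadsheet tool in the Microsoft Office suite.

Excel does not correctly handle the BIFF file format. Processing a malformed Country (0x8c) record in a file can trigger memory corruption, leading to execution of arbitrary instructions with the privileges of the currently logged-on user.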
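
A defender-side triage check for the record named above, as an added example that is not part of the original advisory: it walks the records of an already-extracted BIFF8 Workbook stream and flags Country (0x8c) records whose length differs from 4 bytes, as well as records that overrun the stream. The 4-byte length (two 16-bit fields), the function names and the sample streams are assumptions of this example; the advisory does not say which malformation triggers the bug, so a finding means the file deserves inspection, nothing more.

```python
import struct

COUNTRY = 0x008C     # record type named in the advisory
COUNTRY_LEN = 4      # assumption: two 16-bit country codes (documented BIFF8 layout)
BOF, EOF = 0x0809, 0x000A

def audit_country(stream: bytes):
    """Return [(offset, message)] for suspicious records in a BIFF record stream."""
    findings, pos = [], 0
    while pos < len(stream):
        left = len(stream) - pos - 4          # bytes available after the 4-byte header
        if left < 0:
            findings.append((pos, "truncated record header"))
            break
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        if rlen > left:
            findings.append((pos, f"record 0x{rtype:04x} declares {rlen} bytes, {left} present"))
            break
        if rtype == COUNTRY and rlen != COUNTRY_LEN:
            findings.append((pos, f"Country record is {rlen} bytes, expected {COUNTRY_LEN}"))
        pos += 4 + rlen
    return findings

def rec(rtype: int, payload: bytes = b"") -> bytes:
    """Build one record: 16-bit type, 16-bit length, payload (little-endian)."""
    return struct.pack("<HH", rtype, len(payload)) + payload

# Constructed sample streams (not taken from any real file).
_BOF = rec(BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0, 0, 0, 0))
GOOD = _BOF + rec(COUNTRY, struct.pack("<HH", 1, 1)) + rec(EOF)   # well-formed
ODD = _BOF + rec(COUNTRY, b"\x00" * 6) + rec(EOF)                 # Country with 6-byte payload
CUT = GOOD[:26]                                                   # Country payload cut short

if __name__ == "__main__":
    for name, data in (("GOOD", GOOD), ("ODD", ODD), ("CUT", CUT)):
        print(name, audit_country(data))
```
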
<*References
ZDI (http://www.zerodayinitiative.com/

http://www.zerodayinitiative.com/advisories/ZDI-08-048/
http://secunia.com/advisories/31454/
http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx?pf=true
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
*>
SEBUG Solution:
Workaround:

* Do not open or save documents received from untrusted sources, or received unexpectedly from trusted sources.

Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS08-043) and corresponding patches for this issue:
MS08-043:Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx?pf=true
// Sebug.net [ 2008-08-15 ]