CVE-2003-0664
CVSS 7.5
Published: 2003-10-20 00:00:00
Revised: 2008-09-10 15:20:04

[Original] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.


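[CNNVD] Microsoft Word macro automatic execution vulnerability (MS03-035) (CNNVD-200310-065)

        A macro is a series of commands and instructions grouped together as a single command to complete a task automatically. Microsoft Word supports using macros to complete tasks, and to prevent macro abuse it implements a security model that ensures macros run only when the user chooses to allow them.
        A vulnerability exists in this security model: a remote attacker can exploit it by constructing a malicious document and enticing a user to open it, which bypasses the security model and executes macros automatically.
        If the malicious document is opened, the vulnerability allows a malicious macro embedded in the document to execute automatically, regardless of the current macro security level setting. The malicious macro can carry out a variety of attacks with the user's privileges, such as adding, changing or deleting file data, communicating with web sites, or even formatting the hard disk.
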

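- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]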

- CPE (affected platforms and products)

cpe:/a:microsoft:word:97:sr1  Microsoft Word 97 sr1
cpe:/a:microsoft:works:2002  Microsoft works_suite 2002
cpe:/a:microsoft:word:98  Microsoft Word 98
cpe:/a:microsoft:word:2002:sp1  Microsoft Word 2002 sp1
cpe:/a:microsoft:word:2002  Microsoft Word 2002
cpe:/a:microsoft:word:97:sr2  Microsoft Word 97 sr2
cpe:/a:microsoft:word:2000  Microsoft Word 2000
cpe:/a:microsoft:word:2000:sp2  Microsoft Word 2000 sp2
cpe:/a:microsoft:word:2000:sr1a  Microsoft Word 2000 sr1a
cpe:/a:microsoft:word:97  Microsoft Word 97
cpe:/a:microsoft:works:2003  Microsoft works_suite 2003
cpe:/a:microsoft:word:2002:sp2  Microsoft Word 2002 sp2
cpe:/a:microsoft:works:2001  Microsoft works_suite 2001
cpe:/a:microsoft:word:2000:sp3  Microsoft Word 2000 sp3
cpe:/a:microsoft:word:2000:sr1  Microsoft Word 2000 sr1
cpe:/a:microsoft:word:98:::japanese

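- OVAL (technical details for detection)

oval:org.mitre.oval:def:188  MS Word Macro Security Bypass Vulnerability
* OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.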

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0664
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0664
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200310-065
(official data source) CNNVD

- Other links and resources

http://www.microsoft.com/technet/security/bulletin/ms03-035.asp
(VENDOR_ADVISORY)  MS  MS03-035

- Vulnerability information

Microsoft Word macro automatic execution vulnerability (MS03-035)
High risk  Design error
2003-10-20 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patch:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS03-035) and corresponding patches for this issue:
        MS03-035: Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS03-035.asp

        Patch downloads:
        Microsoft Word 2002:
        
        http://microsoft.com/downloads/details.aspx?FamilyId=7D3775FC-F424-4B04-ABEB-9B4CA1EB182D&displaylang=en

        Administrative update only:
        
        http://www.microsoft.com/office/ork/xp/journ/wrd1006a.htm

        Microsoft Word 2000:
        
        http://microsoft.com/downloads/details.aspx?FamilyId=4A8F6ACE-E14E-4978-A9C9-6989CD03A4A3&displaylang=en

        Administrative update only:
        
        http://www.microsoft.com/office/ork/xp/journ/wrd0903a.htm

        Microsoft Word 97/Microsoft Word 98(J):
        Information on receiving Microsoft Word 97 & Microsoft Word 98(J) support is available at:
        
        http://support.microsoft.com/default.aspx?scid=kb;en-us;827647

        Microsoft recommends that users visit the Office update site
        http://www.office.microsoft.com/ProductUpdates/default.aspx to check for and install security patches.

- Vulnerability information

10935
Microsoft Word Macro Security Model Bypass

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-09-03 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Microsoft Word Macro Execution Security Model Bypass Vulnerability
Design Error 8533
Yes No
2003-09-03 12:00:00 2009-07-11 11:56:00
Discovery of this issue has been credited to Jim Bassett of Practitioners Publishing Company.

- Affected program versions

Microsoft Works Suite 2004
Microsoft Works Suite 2003
Microsoft Works Suite 2002
Microsoft Works Suite 2001
Microsoft Word 98 Japanese Version
Microsoft Word 98
Microsoft Word 97 SR2
Microsoft Word 97 SR1
Microsoft Word 97
+ Microsoft Office 97
Microsoft Word 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2002 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2002
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2000 SR1a
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SR1
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2000 SP2
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Vulnerability discussion

A vulnerability has been reported to exist in Microsoft Word that may allow an attacker to bypass the macro security model in the software.

The successful exploitation of this issue may allow an attacker to bypass macro execution security model restrictions and execute arbitrary code in the context of the affected user.

The vulnerability may allow an attacker to modify data, install backdoor programs, reformat the hard drive or change the macro settings within Microsoft Word leading to more attacks against the vulnerable system.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Microsoft has released patches in order to address this issue:


Microsoft Word 97 SR2

Microsoft Word 2002 SP1

Microsoft Word 98

Microsoft Works Suite 2003

Microsoft Word 2000

Microsoft Works Suite 2002

Microsoft Word 97 SR1

Microsoft Word 2000 SR1a

Microsoft Word 98 Japanese Version

Microsoft Word 2002 SP2

Microsoft Word 2000 SR1

Microsoft Word 2002

Microsoft Word 2000 SP3

Microsoft Word 2000 SP2

Microsoft Word 97

- Related references
