CVE-2003-0821
CVSS7.5
发布时间 :2003-12-15 00:00:00
修订时间 :2008-09-10 15:20:33
NMCS    

[原文]Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.


[CNNVD]Microsoft Word/Excel 远程任意代码可执行漏洞(MS03-050)(CNNVD-200312-040)

        
        Microsoft Word和Excel是流行的文字编辑软件。
        Microsoft Word和Excel对宏处理存在安全问题,远程攻击者可以利用这个漏洞构建恶意文档,诱使用户访问,以用户权限增加、更改、删除文件数据、与WEB站点交互或格式化驱动盘。
        - 在Microsoft Excel存在安全漏洞可允许恶意代码执行。Excel在读取宏指令前检查数据表的时存在问题。如果成功利用这个漏洞。攻击者可以构建恶意文件绕过宏安全模型。如果恶意数据表被打开,这个漏洞就允许嵌入文件的宏自动被执行,而无视宏安全是否设置。恶意宏可以以用户权限增加,更改或删除文件数据,或与WEB站点交互或格式化驱动盘。
        - Microsoft Word存在一个安全漏洞允许恶意代码被执行。问题存在于Word在检查嵌入到文档中的宏名称数据长度时缺少正确的边界缓冲区检查,如果构建恶意文档可导致在Word中溢出数据值,并允许执行任意代码,如果成功,攻击者可以以用户权限增加,更改或删除文件数据,或与WEB站点交互或格式化驱动盘。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:word:97:::japanese
cpe:/a:microsoft:word:97:sr1Microsoft Word 97 sr1
cpe:/a:microsoft:word:2002:sp1Microsoft Word 2002 sp1
cpe:/a:microsoft:word:97:::chinese
cpe:/a:microsoft:word:98:::chinese
cpe:/a:microsoft:works:2004Microsoft Works 2004
cpe:/a:microsoft:word:2000:::chinese
cpe:/a:microsoft:word:2000:::japanese
cpe:/a:microsoft:word:2000:sr1aMicrosoft Word 2000 sr1a
cpe:/a:microsoft:word:2000:sp2Microsoft Word 2000 sp2
cpe:/a:microsoft:word:2000Microsoft Word 2000
cpe:/a:microsoft:word:2002:sp2Microsoft Word 2002 sp2
cpe:/a:microsoft:word:2000:sp3Microsoft Word 2000 sp3
cpe:/a:microsoft:word:2000:sr1Microsoft Word 2000 sr1
cpe:/a:microsoft:word:98:::japanese
cpe:/a:microsoft:word:98:::korean
cpe:/a:microsoft:word:98:sr1::japanese
cpe:/a:microsoft:word:97:::korean
cpe:/a:microsoft:works:2002Microsoft works_suite 2002
cpe:/a:microsoft:word:98Microsoft Word 98
cpe:/a:microsoft:word:2002Microsoft Word 2002
cpe:/a:microsoft:word:97:sr2Microsoft Word 97 sr2
cpe:/a:microsoft:word:97Microsoft Word 97
cpe:/a:microsoft:works:2003Microsoft works_suite 2003
cpe:/a:microsoft:word:98:sr2::japanese
cpe:/a:microsoft:word:2000:::korean
cpe:/a:microsoft:works:2001Microsoft works_suite 2001

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:695MS Excel 2002 Malicious Macro Security Bypass Vulnerability
oval:org.mitre.oval:def:675MS Excel 97 Malicious Macro Security Bypass Vulnerability
oval:org.mitre.oval:def:636MS Excel 2000 Malicious Macro Security Bypass Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0821
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0821
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-040
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/13681
(VENDOR_ADVISORY)  XF  excel-macro-execute-code (13681)
http://www.microsoft.com/technet/security/bulletin/ms03-050.asp
(VENDOR_ADVISORY)  MS  MS03-050
http://www.securityfocus.com/bid/9010
(UNKNOWN)  BID  9010

- 漏洞信息

Microsoft Word/Excel 远程任意代码可执行漏洞(MS03-050)
高危 其他
2003-12-15 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft Word和Excel是流行的文字编辑软件。
        Microsoft Word和Excel对宏处理存在安全问题,远程攻击者可以利用这个漏洞构建恶意文档,诱使用户访问,以用户权限增加、更改、删除文件数据、与WEB站点交互或格式化驱动盘。
        - 在Microsoft Excel存在安全漏洞可允许恶意代码执行。Excel在读取宏指令前检查数据表的时存在问题。如果成功利用这个漏洞。攻击者可以构建恶意文件绕过宏安全模型。如果恶意数据表被打开,这个漏洞就允许嵌入文件的宏自动被执行,而无视宏安全是否设置。恶意宏可以以用户权限增加,更改或删除文件数据,或与WEB站点交互或格式化驱动盘。
        - Microsoft Word存在一个安全漏洞允许恶意代码被执行。问题存在于Word在检查嵌入到文档中的宏名称数据长度时缺少正确的边界缓冲区检查,如果构建恶意文档可导致在Word中溢出数据值,并允许执行任意代码,如果成功,攻击者可以以用户权限增加,更改或删除文件数据,或与WEB站点交互或格式化驱动盘。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS03-050)以及相应补丁:
        MS03-050:Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS03-050.asp

        补丁下载:
        Microsoft Excel 97
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=927F8F0C-DB5A-4601-A628-2C3A1ED5D51B&displaylang=en

        Microsoft Excel 2000
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=9904B2A6-0CF0-4CF2-AAE0-062BDD7417D5&displaylang=en

        Microsoft Excel 2002
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=FAB7259D-80B2-40E6-A235-581617287560&displaylang=en

        Microsoft Word 97
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=5261EF7F-CC89-403C-949F-5F423E68C7AF&displaylang=en

        Microsoft Word 98(J)
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=75B9C39D-E6BD-4CE4-BD89-6F7B5AF2BDB1&displaylang=ja

        Microsoft Word 2000 and Microsoft Works Suite 2001
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=D2BD626E-401B-4FC7-BBAC-2C6B6E66D984&displaylang=en

        Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=B9B4E491-0B33-423A-8FEE-27059A29B604&displaylang=en

- 漏洞信息

Microsoft Excel XLM Macro Security Level Bypass Vulnerability
Failure to Handle Exceptional Conditions 9010
Yes No
2003-11-11 12:00:00 2009-07-12 12:56:00
Discovery of this vulnerability has been credited to Kazuyuki Housaka.

- 受影响的程序版本

Microsoft Excel 97 SR2
Microsoft Excel 97 SR1
Microsoft Excel 97
+ Microsoft Office 97
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Microsoft Excel 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Excel 2002 SP1
+ Microsoft Office XP SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Excel 2002
+ Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Excel 2000 SR1
+ Microsoft Office 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Microsoft Excel 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Excel 2000 SP2
+ Microsoft Office 2000 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Microsoft Excel 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Excel 2003
+ Microsoft Office 2003 0

- 不受影响的程序版本

Microsoft Excel 2003
+ Microsoft Office 2003 0

- 漏洞讨论

A vulnerability has been reported to affect Microsoft Excel that could be exploited by an attacker to execute an XLM macro regardless of the macro security level. The issue has been reported to present itself due to a failure by Excel to sufficiently scan a malicious spreadsheet file before opening it. As a result of this failure an XLM macro embedded in a malicious spreadsheet will be executed when the document is opened, without Excel presenting a macro security warning and regardless of Excel macro security settings.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Microsoft has released a security bulletin (MS03-050) and fixes to address this issue. Users who are potentially affected by this vulnerability are advised to apply these fixes as soon as possible.


Microsoft Excel 97 SR2

Microsoft Excel 2000 SP3

Microsoft Excel 2002 SP2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站