CVE-2004-0963
CVSS 10.0
Published: 2005-02-09 00:00:00
Last revised: 2016-10-17 22:50:12

[Original] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.


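[CNNVD] Microsoft Word file parsing overflow (MS05-023) (CNNVD-200502-039)

        Microsoft Word is a very popular office application released by Microsoft.
        A buffer overflow vulnerability exists in Microsoft Word because winword.exe lacks data validation when parsing document files, so an exception can be triggered by modifying data in a *.doc file.
        An attacker who successfully exploits this vulnerability can take complete control of the affected system, and can then install programs, view, change or delete data, or create new accounts with full privileges. Accounts configured with fewer privileges on the system are less exposed than users operating with administrative privileges.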

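- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:420 Word 2003 (wordview) Malicious .doc Buffer Overflow
oval:org.mitre.oval:def:2216 Word 2000 Malicious .doc Buffer Overflow
oval:org.mitre.oval:def:2105 Word 2002 Malicious .doc Buffer Overflow
oval:org.mitre.oval:def:1795 Word 2003 Malicious .doc Buffer Overflow
* OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definitions.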

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0963
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0963
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-039
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109716247230733&w=2
(UNKNOWN)  BUGTRAQ  20041006 [HV-HIGH] MS Word multiple exceptions, at least one exploitable
http://www.microsoft.com/technet/Security/bulletin/ms05-023.mspx
(UNKNOWN)  MS  MS05-023
http://xforce.iss.net/xforce/xfdb/17635
(VENDOR_ADVISORY)  XF  word-file-parsing-bo(17635)

- Vulnerability information

Microsoft Word file parsing overflow (MS05-023)
Critical  Buffer overflow
2005-02-09 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        The vendor has released update patches that fix this security issue. Patch download links:
        Microsoft Word 2003
        Microsoft Security Update for Word 2003 (KB887979)
        http://www.microsoft.com/downloads/details.aspx?familyid=9158279D-4421-4932-9318-02CA829A9B43&displaylang=en
        Microsoft Word 2000 Japanese Version
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Word 2002 SP1
        Microsoft Security Update for Word 2002 (KB887978)
        http://www.microsoft.com/downloads/details.aspx?familyid=34998255-E004-4A29-9418-35C5818E54CB&displaylang=en
        Microsoft Word 2003 Viewer
        Microsoft Word Viewer 2003
        http://www.microsoft.com/downloads/details.aspx?familyid=95E24C87-8732-48D5-8689-AB826E7B8FDF&displaylang=en
        Microsoft Works Suite 2003
        Microsoft Security Update for Word 2002 (KB887978)
        http://www.microsoft.com/downloads/details.aspx?familyid=34998255-E004-4A29-9418-35C5818E54CB&displaylang=en
        Microsoft Word 2000
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Works Suite 2002
        Microsoft Security Update for Word 2002 (KB887978)
        http://www.microsoft.com/downloads/details.aspx?familyid=34998255-E004-4A29-9418-35C5818E54CB&displaylang=en
        Microsoft Word 2000 SR1a
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Works Suite 2001
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Word 2000 Korean Version
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Works Suite 2004
        Microsoft Security Update for Word 2002 (KB887978)
        http://www.microsoft.com/downloads/details.aspx?familyid=34998255-E004-4A29-9418-35C5818E54CB&displaylang=en
        Microsoft Word 2002 SP2
        Microsoft Security Update for Word 2002 (KB887978)
        http://www.microsoft.com/downloads/details.aspx?familyid=34998255-E004-4A29-9418-35C5818E54CB&displaylang=en
        Microsoft Word 2000 SR1
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Word 2000 Chinese Version
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Word 2002
        Microsoft Security Update for Word 2002 (KB887978)
        http://www.microsoft.com/downloads/details.aspx?familyid=34998255-E004-4A29-9418-35C5818E54CB&displaylang=en
        Microsoft Word 2000 SP3
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Word 2000 SP2
        Microsoft Security Update for Word 2000 (KB887977)
        http://www.microsoft.com/downloads/details.aspx?familyid=9F4B6868-2F94-478F-B0BC-0DA3E0571523&displaylang=en
        Microsoft Word 2002 SP3
        Microsoft Security Update for Word 2002 (KB887978)
        http://www.microsoft.com/downloads/details.aspx?familyid=34998255-E004-4A29-9418-35C5818E54CB&displaylang=en
        

- Vulnerability information

10549
Microsoft Word .doc Parsing Exception Arbitrary Command Execution

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-10-08 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Microsoft Word Malformed Document Buffer Overflow Vulnerability
Boundary Condition Error 13122
Yes No
2005-04-12 12:00:00 2009-07-12 12:56:00
Discovery is credited to Alex Li.

- Affected software versions

Microsoft Works Suite 2004
Microsoft Works Suite 2003
Microsoft Works Suite 2002
Microsoft Works Suite 2001
Microsoft Word Viewer 2003 0
Microsoft Word 2003
+ Microsoft Office 2003 SP1
+ Microsoft Office 2003 0
Microsoft Word 2002 SP3
Microsoft Word 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2002 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2002
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2000 Korean Version
Microsoft Word 2000 Japanese Version
Microsoft Word 2000 Chinese Version
Microsoft Word 2000 SR1a
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SR1
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2000 SP2
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0

- Vulnerability discussion

Microsoft Word is prone to a buffer overflow vulnerability. This issue presents itself when Microsoft Word attempts to parse a malformed document. This could result in execution of arbitrary code in the context of a user who opens the malicious document.

Internet Explorer is a likely attack vector as Word may be opened to handle the document when the user clicks a link.

This issue was originally described as part of BID 11350.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Microsoft has released updates to address this issue in supported versions of affected software.

UPDATE: Fixes are available for Microsoft Word 2003 Viewer.


Microsoft Word 2003

Microsoft Word 2000 Japanese Version

Microsoft Word 2002 SP1

Microsoft Word Viewer 2003 0

Microsoft Works Suite 2003

Microsoft Word 2000

Microsoft Works Suite 2002

Microsoft Word 2000 SR1a

Microsoft Works Suite 2001

Microsoft Word 2000 Korean Version

Microsoft Works Suite 2004

Microsoft Word 2002 SP2

Microsoft Word 2000 SR1

Microsoft Word 2000 Chinese Version

Microsoft Word 2002

Microsoft Word 2000 SP3

Microsoft Word 2000 SP2

Microsoft Word 2002 SP3

- Related references
