CVE-2005-0564
CVSS7.5
发布时间 :2005-07-12 00:00:00
修订时间 :2008-09-10 15:36:10
NMCOPS    

[原文]Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.


[CNNVD]Microsoft Word font 堆栈溢出漏洞(CNNVD-200507-141)

        Microsoft Word是微软发布的非常流行的文字处理软件。
        Microsoft Word 2000/2003及Works Suites 2000至2004中存在堆栈溢出漏洞。
        攻击者可利用此漏洞,通过包含超长字体信息的doc文件,执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:word:2002Microsoft Word 2002
cpe:/a:microsoft:word:2000Microsoft Word 2000

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:1331Microsoft Word 2000 Font Parsing Vulnerability
oval:org.mitre.oval:def:1190Microsoft Word 2002 Font Parsing Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0564
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0564
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-141
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA05-193A.html
(UNKNOWN)  CERT  TA05-193A
http://www.kb.cert.org/vuls/id/218621
(UNKNOWN)  CERT-VN  VU#218621
http://www.microsoft.com/technet/security/bulletin/ms05-035.mspx
(VENDOR_ADVISORY)  MS  MS05-035
http://www.idefense.com/application/poi/display?id=281&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20050712 Microsoft Word 2000 and Word 2002 Font Parsing Buffer Overflow Vulnerability

- 漏洞信息

Microsoft Word font 堆栈溢出漏洞
高危 缓冲区溢出
2005-07-12 00:00:00 2005-10-20 00:00:00
远程  
        Microsoft Word是微软发布的非常流行的文字处理软件。
        Microsoft Word 2000/2003及Works Suites 2000至2004中存在堆栈溢出漏洞。
        攻击者可利用此漏洞,通过包含超长字体信息的doc文件,执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.microsoft.com/technet/security/bulletin/ms05-035.mspx

- 漏洞信息 (F38633)

Technical Cyber Security Alert 2005-193A (PacketStormID:F38633)
2005-07-13 00:00:00
US-CERT  us-cert.gov
advisory,remote,arbitrary,vulnerability
windows
CVE-2005-1219,CVE-2005-2087,CVE-2005-0564
[点击下载]

Technical Cyber Security Alert TA05-193A - Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         National Cyber Alert System

                   Technical Cyber Security Alert TA05-193A

        Microsoft Windows, Internet Explorer, and Word Vulnerabilities

   Original release date: July 12, 2005
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Office
     * Microsoft Internet Explorer

   For more complete information, refer to the Microsoft Security
   Bulletin Summary for July, 2005.


Overview

   Microsoft has released updates that address critical vulnerabilities
   in Windows, Office, and Internet Explorer. Exploitation of these
   vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code on an affected system.


I. Description

   Microsoft Security Bulletins for July, 2005 address vulnerabilities in
   Windows, Office, and Internet Explorer. Further information is
   available in the following Vulnerability Notes:


   VU#218621 - Microsoft Word buffer overflow in font processing routine

   A buffer overflow in the font processing routine of Microsoft Word may
   allow a remote attacker to execute code on a vulnerable system.
   (CAN-2005-0564)


   VU#720742 - Microsoft Color Management Module buffer overflow during
   profile tag validation

   Microsoft Color Management Module fails to properly validate input
   data, allowing a remote attacker to execute arbitrary code.
   (CAN-2005-1219)


   VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an
   unspecified vulnerability

   The JVIEW Profiler COM object contains an unspecified vulnerability,
   which may allow a remote attacker to execute arbitrary code on a
   vulnerable system.
   (CAN-2005-2087)


II. Impact

   Exploitation of these vulnerabilities could allow a remote,
   unauthenticated attacker to execute arbitrary code with the privileges
   of the user. If the user is logged on with administrative privileges,
   the attacker could take control of an affected system.


III. Solution

Apply Updates

   Microsoft has provided the updates for these vulnerabilities in the
   Security Bulletins and on the Microsoft Update site.

Workarounds

   Please see the individual Vulnerability Notes for workarounds.


Appendix A. References

     * Microsoft Security Bulletin Summary for July, 2005
       <http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>

     * US-CERT Vulnerability Note VU#218621
       <http://www.kb.cert.org/vuls/id/218621>

     * US-CERT Vulnerability Note VU#720742
       <http://www.kb.cert.org/vuls/id/720742>

     * US-CERT Vulnerability Note VU#939605
       <http://www.kb.cert.org/vuls/id/939605>

     * CAN-2005-0564
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>

     * CAN-2005-1219
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>
       
     * CAN-2005-2087
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>
       
     * Microsoft Update
       <http://update.microsoft.com/>

     * Microsoft Update Overview
       <http://www.microsoft.com/technet/prodtechnol/microsoftupdate/defa
       ult.mspx>

   _________________________________________________________________

   Feedback can be directed to the US-CERT Technical Staff.

   Please send mail to cert@cert.org with the subject:

   "TA05-193A Feedback VU#720742"
   _________________________________________________________________

   This document is available at

   <http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
   _________________________________________________________________

   Produced 2005 by US-CERT, a government organization.
   _________________________________________________________________

   Terms of use

   <http://www.us-cert.gov/legal.html>
   _________________________________________________________________

   Revision History

   July 12, 2005: Initial release

   Last updated July 12, 2005 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQtRCSxhoSezw4YfQAQKuoAf+P5DLO5gulibqEf0d8OSYwzOGAS46sab2
ohaHuzzXgvBamlAbi/bWgcFkjgt9MMqnT8BgAuaHYRGBeGLzps4ZdLvKiNDD8HW4
jqtEczddlJCD9j8MHM3anjbLr4ZYioVkIF/z9R/X3HhKswLy4HtdTzyR8I5xt3mf
eWSdqWYofctzNdWdIWkWzW2spOcy4LbV8UqAdg6aIgrWZK7vfDNisJiTvZQAbcoE
38UEvCmnY2K9Ox4BYPHQZ/OaLZhURSw1N5kEv+icXM8NTk3hSzPErdmG47Cjyfa6
4B+fjpCzfw7HAy0DbuuaZXcxaCH+fsiiymySmvT8z5aQVZmgbp8Zyg==
=eMPQ
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F38626)

iDEFENSE Security Advisory 2005-07-12.t (PacketStormID:F38626)
2005-07-13 00:00:00
iDefense Labs  idefense.com
advisory,remote,overflow,arbitrary
CVE-2005-0564
[点击下载]

iDEFENSE Security Advisory 07.12.05 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word could allow execution of arbitrary code. A specially crafted .doc file, containing long font information, can cause Word to overwrite stack space. No checks are made on the length of data being copied, allowing the return address on the stack to be overwritten.

Microsoft Word 2000 and Word 2002 Font Parsing Buffer Overflow
Vulnerability

iDEFENSE Security Advisory 07.12.05
www.idefense.com/application/poi/display?id=281&type=vulnerabilities
July 12, 2005

I. BACKGROUND

Microsoft Word is the word processing component of the Microsoft Office
package. More information can be found at the following link:

 http://office.microsoft.com/en-us/default.aspx

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in Microsoft 
Corp.'s Word could allow execution of arbitrary code.

A specially crafted .doc file, containing long font information, can 
cause Word to overwrite stack space.

No checks are made on the length of data being copied, allowing the 
return address on the stack to be overwritten.

III. ANALYSIS

Successful exploitation allows remote attackers to execute arbitrary 
code in the context of the target user that opened the malicious 
document. The data that is written onto the stack is in the form 
"00xx00yy", where "xx" and "yy" are controlled by the input. While this 
tends to make exploitation more difficult, it does not prevent it, as it
may be possible for an attacker to cause controlled data to be put into 
a memory location matching the required format.

IV. DETECTION

iDEFENSE Labs has confirmed that Microsoft Word 2002 is vulnerable. 
Additionally, Microsoft has confirmed that Word 2000 is vulnerable. 

Microsoft Word 2003 is not vulnerable to this issue.

V. WORKAROUND

User awareness is the best method of defense against this class of 
attack. Users must be wary when opening files from untrusted sources. 

When possible, run client software, as regular user accounts with 
limited access to system resources. This may limit the immediate 
consequences of client-side vulnerabilities.

VI. VENDOR RESPONSE

The vendor security advisory and appropriate patches are available at:

   http://www.microsoft.com/technet/security/Bulletin/MS05-035.mspx

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-0564 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

03/24/2005  Initial vendor notification
03/24/2005  Initial vendor response
07/12/2005  Coordinated public disclosure

IX. CREDIT

Lord Yup is credited with this discovery.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.idefense.com

X. LEGAL NOTICES

Copyright (c) 2005 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
    

- 漏洞信息

17829
Microsoft Office .doc Font Parsing Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

A local overflow exists in Microsoft Word for Windows. Word fails to check the length of font information in .doc files resulting in a stack based overflow. With a specially crafted document, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2005-07-12 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2003 or higher, as it has been reported to fix this vulnerability. In addition, vendor has released a patch for some older versions.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft Word Malformed Document Font Processing Buffer Overflow Vulnerability
Boundary Condition Error 14216
Yes No
2005-07-12 12:00:00 2009-07-12 04:06:00
Discovery is credited to Lord Yup.

- 受影响的程序版本

Microsoft Works Suite 2004
Microsoft Works Suite 2003
Microsoft Works Suite 2002
Microsoft Works Suite 2001
Microsoft Works 2000
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Microsoft Word 2002 SP3
Microsoft Word 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2002 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2002
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Word 2000 SR1a
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SR1
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Word 2000 SP2
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Word 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Office XP SP3
+ Microsoft Excel 2002 SP3
+ Microsoft Excel 2002 SP3
+ Microsoft FrontPage 2002 SP3
+ Microsoft FrontPage 2002 SP3
+ Microsoft Outlook 2002 SP3
+ Microsoft Outlook 2002 SP3
+ Microsoft PowerPoint 2002 SP3
+ Microsoft PowerPoint 2002 SP3
+ Microsoft Publisher 2002 SP3
+ Microsoft Publisher 2002 SP3
Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Office XP SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Office 2000 SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office 2000 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional

- 漏洞讨论

Microsoft Word is affected by a remote buffer overflow vulnerability.

This vulnerability presents itself when a .doc file contains specific malformed input. Upon attempting to read the malformed .doc file, the affected application fails to properly validate data within the file. This may result in the attacker being able to control the flow of program execution.

Attackers may exploit this vulnerability to execute arbitrary code in the context of the victim user attempting to access the malformed Word file.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Microsoft has released updates to address this vulnerability in supported versions of the affected software.


Microsoft Office XP SP3

Microsoft Works Suite 2003

Microsoft Works Suite 2002

Microsoft Office 2000 SP3

Microsoft Works Suite 2001

Microsoft Works Suite 2004

Microsoft Works 2000

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站