CVE-2006-3649
CVSS 5.1
Published: 2006-08-08 20:04:00
Last revised: 2011-03-07 21:39:09

[Original] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.


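[CNNVD] Microsoft Visual Basic for Applications Document Check Overflow Vulnerability (MS06-047) (CNNVD-200608-101)

        Microsoft Visual Basic for Applications (VBA) is a development technology for building packaged client desktop applications and integrating them with existing data and systems.
        VBA contains a vulnerability in its handling of documents that contain malformed property fields; an attacker could exploit it to execute arbitrary instructions on the user's machine.
        When opening a document, VBA checks certain document properties that the host application passes to it, so the host application may pass unchecked parameters to VBA. If an attacker can trick a user into opening a document with specially set properties, a buffer overflow may be triggered, leading to arbitrary code execution.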

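- CVSS (Base Score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Access complexity: HIGH [exploitation requires specific access conditions]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]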

- CPE (Affected Platforms and Products)

cpe:/a:microsoft:visual_basic:6.3::sdk
cpe:/a:microsoft:visual_basic:6.4::sdk
cpe:/a:microsoft:visual_basic:6.2::sdk
cpe:/a:microsoft:visual_basic:6.2 (Microsoft visual_basic 6.2)

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3649
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3649
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-101
(Official data source) CNNVD

- Other Links and Resources

http://www.us-cert.gov/cas/techalerts/TA06-220A.html
(PATCH)  CERT  TA06-220A
http://www.kb.cert.org/vuls/id/159484
(PATCH)  CERT-VN  VU#159484
http://www.microsoft.com/technet/security/Bulletin/MS06-047.mspx
(PATCH)  MS  MS06-047
http://www.vupen.com/english/advisories/2006/3214
(UNKNOWN)  VUPEN  ADV-2006-3214
http://www.securityfocus.com/bid/19414
(UNKNOWN)  BID  19414
http://securitytracker.com/id?1016656
(UNKNOWN)  SECTRACK  1016656
http://secunia.com/advisories/21408
(UNKNOWN)  SECUNIA  21408

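- Vulnerability Information

Microsoft Visual Basic for Applications Document Check Overflow Vulnerability (MS06-047)
Medium severity  Buffer overflow
2006-08-08 00:00:00 2006-08-09 00:00:00
Remote
        Microsoft Visual Basic for Applications (VBA) is a development technology for building packaged client desktop applications and integrating them with existing data and systems.
        VBA contains a vulnerability in its handling of documents that contain malformed property fields; an attacker could exploit it to execute arbitrary instructions on the user's machine.
        When opening a document, VBA checks certain document properties that the host application passes to it, so the host application may pass unchecked parameters to VBA. If an attacker can trick a user into opening a document with specially set properties, a buffer overflow may be triggered, leading to arbitrary code execution.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link: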
        http://www.microsoft.com/technet/security/bulletin/ms06-048.mspx

- Vulnerability Information

27849
Microsoft Visual Basic Unspecified Document Handling Overflow
Input Manipulation
Loss of Integrity Patch / RCS
Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild

- Vulnerability Description

- Timeline

2006-08-08 Unknown
Unknown 2008-08-08

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Microsoft Visual Basic for Applications Document Check Buffer Overflow Vulnerability
Boundary Condition Error 19414
Yes No
2006-08-08 12:00:00 2007-06-27 03:28:00
Ka Chun Leung of Symantec is credited with the discovery of this vulnerability.

- Affected Software Versions

Nortel Networks Contact Center Manager Server 0
Nortel Networks Contact Center Manager
Nortel Networks Contact Center Express
Nortel Networks Contact Center - CCT 0
Nortel Networks Contact Center
Microsoft Works Suite 2006 0
Microsoft Works Suite 2005 0
Microsoft Works Suite 2004
Microsoft Visual Basic for Applications SDK 6.4
Microsoft Visual Basic for Applications SDK 6.3
Microsoft Visual Basic for Applications SDK 6.2
Microsoft Visual Basic for Applications SDK 6.0
Microsoft Visio 2002 SP2
Microsoft Project 2002 SP1
Microsoft Project 2000 SR1
Microsoft Office XP SP3
+ Microsoft Excel 2002 SP3
+ Microsoft FrontPage 2002 SP3
+ Microsoft Outlook 2002 SP3
+ Microsoft PowerPoint 2002 SP3
+ Microsoft Publisher 2002 SP3
Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Access 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Office 2003 SP2
Microsoft Office 2003 SP1

- Unaffected Software Versions

Microsoft Office 2003 SP2
Microsoft Office 2003 SP1

- Discussion

A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs due to insufficient bounds checking when checking the properties of malicious documents. As a result, a malformed document may be able to trigger a buffer-overflow within the affected application, effectively allowing for the execution of arbitrary code.

Microsoft Office, Access, Visio, Word, and Works are also reportedly attack vectors, since they employ VBA when handling certain document types. Email is another potential attack vector for this vulnerability, but merely opening an email would not trigger the issue; replying or forwarding the message could potentially trigger it.

Microsoft has reported that this issue is being exploited in the wild.

- Exploit

Although Microsoft has reported that this issue is being exploited in the wild, we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Microsoft has released updates that address this issue.

Patches have been included for Office and other affected products. Please see the vendor advisory for more information.


Microsoft Project 2000 SR1

Microsoft Project 2002 SP1

Microsoft Office XP SP3

Microsoft Visual Basic for Applications SDK 6.2

Microsoft Visual Basic for Applications SDK 6.4

Microsoft Works Suite 2005 0

Microsoft Office 2000 SP3

Microsoft Works Suite 2004

Microsoft Visio 2002 SP2

Microsoft Visual Basic for Applications SDK 6.0

Microsoft Access 2000 SP3

Microsoft Works Suite 2006 0

Microsoft Visual Basic for Applications SDK 6.3

- Related References
