漏洞信息详情

Microsoft Office畸形传送名单远程代码执行漏洞

  • CNNVD编号:CNNVD-200603-256
  • 危害等级: 中危
  • CVE编号: CVE-2006-0009
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2006-03-14
  • 威胁类型: 远程
  • 更新时间: 2007-08-27
  • 厂        商: microsoft
  • 漏洞来源: Ollie Whitehouse o...

漏洞简介

Microsoft Office是非常流行的办公软件。

Microsoft Office在处理Office文档时存在漏洞,成功利用此漏洞的攻击者可以完全控制受影响的系统。

攻击者可以通过在Office文档内构建特制的传送名单来利用此漏洞,可能允许远程执行代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx#E4EAE

参考网址

来源: US-CERT

名称: TA06-073A

链接:http://www.us-cert.gov/cas/techalerts/TA06-073A.html

来源: US-CERT

名称: VU#682820

链接:http://www.kb.cert.org/vuls/id/682820

来源: BID

名称: 17000

链接:http://www.securityfocus.com/bid/17000

来源: BUGTRAQ

名称: 20060314 SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata

链接:http://www.securityfocus.com/archive/1/archive/1/427671/100/0/threaded

来源: MS

名称: MS06-012

链接:http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx

来源: SECTRACK

名称: 1015766

链接:http://securitytracker.com/id?1015766

来源: SECUNIA

名称: 19138

链接:http://secunia.com/advisories/19138

来源: XF

名称: powerpoint-presentation-code-execution(29009)

链接:http://xforce.iss.net/xforce/xfdb/29009

来源: XF

名称: office-routing-slip-bo(25009)

链接:http://xforce.iss.net/xforce/xfdb/25009

来源: MISC

链接:http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?Vname=TROJ%5FMDROPPER%2EBH

来源: MISC

链接:http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99

来源: MISC

链接:http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt

来源: BID

名称: 20059

链接:http://www.securityfocus.com/bid/20059

来源: BUGTRAQ

名称: 20060919 Microsoft PowerPoint 0-day Vulnerability FAQ - September written

链接:http://www.securityfocus.com/archive/1/archive/1/446425/100/0/threaded

来源: BUGTRAQ

名称: 20060919 New PowerPoint 0-day Trojan in the wild

链接:http://www.securityfocus.com/archive/1/archive/1/446370/100/0/threaded

来源: BUGTRAQ

名称: 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue

链接:http://www.securityfocus.com/archive/1/archive/1/444051/100/200/threaded

来源: BUGTRAQ

名称: 20060819 New PowerPoint 0-day and Trojan - FAQ document ready

链接:http://www.securityfocus.com/archive/1/archive/1/443890/100/0/threaded

来源: BUGTRAQ

名称: 20060422 PowerPoint Phishing Trojan

链接:http://www.securityfocus.com/archive/1/archive/1/432004/30/5340/threaded

来源: OSVDB

名称: 23903

链接:http://www.osvdb.org/23903

来源: VUPEN

名称: ADV-2006-3678

链接:http://www.frsirt.com/english/advisories/2006/3678

来源: VUPEN

名称: ADV-2006-0950

链接:http://www.frsirt.com/english/advisories/2006/0950

来源: MISC

链接:http://www.darkreading.com/document.asp?doc_id=101970

来源: support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

来源: SECTRACK

名称: 1016886

链接:http://securitytracker.com/id?1016886

来源: SECTRACK

名称: 1016720

链接:http://securitytracker.com/id?1016720

来源: SECUNIA

名称: 19238

链接:http://secunia.com/advisories/19238

来源: FULLDISC

名称: 20060919 New PowerPoint 0-day Trojan in the wild

链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html

来源: MISC

链接:http://isc.sans.org/diary.php?storyid=1618

来源: MISC

链接:http://blogs.securiteam.com/?p=559

来源: MISC

链接:http://blogs.securiteam.com/?p=557

来源: MISC

链接:http://blogs.securiteam.com/?author=28

来源: FULLDISC

名称: 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue

链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html

来源: US Government Resource: oval:org.mitre.oval:def:798

名称: oval:org.mitre.oval:def:798

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:798

来源: US Government Resource: oval:org.mitre.oval:def:1653

名称: oval:org.mitre.oval:def:1653

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1653

来源: US Government Resource: oval:org.mitre.oval:def:1553

名称: oval:org.mitre.oval:def:1553

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1553

来源: US Government Resource: oval:org.mitre.oval:def:1504

名称: oval:org.mitre.oval:def:1504

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1504

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多