漏洞信息详情

Microsoft Word宏权限绕过任意代码执行漏洞(MS07-014)

漏洞简介

Microsoft Word是微软发布的非常流行的文字处理办公软件。

Microsoft Word修改文档中的修改属性时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行恶意代码。

Word没有正确地检查被修改文档中的属性,导致当文档中存在宏的时候可能不会对用户提示宏安全警告,这样用户就可能错误的打开危险的Word文档。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

http://www.microsoft.com/technet/security/Bulletin/ms07-014.mspx?pf=true

参考网址

来源: US-CERT

名称: VU#166700

链接:http://www.kb.cert.org/vuls/id/166700

来源: US-CERT

名称: TA07-044A

链接:http://www.us-cert.gov/cas/techalerts/TA07-044A.html

来源: XF

名称: word-unspec-code-execution(30806)

链接:http://xforce.iss.net/xforce/xfdb/30806

来源: BID

名称: 21518

链接:http://www.securityfocus.com/bid/21518

来源: BUGTRAQ

名称: 20061211 The newest Word flaw is due to malformed data structure handling

链接:http://www.securityfocus.com/archive/1/archive/1/454093/100/0/threaded

来源: BUGTRAQ

名称: 20061210 Re: Another, different MS Word 0-day vulnerability reported

链接:http://www.securityfocus.com/archive/1/archive/1/454072/100/0/threaded

来源: BUGTRAQ

名称: 20061210 Another, different MS Word 0-day vulnerability reported

链接:http://www.securityfocus.com/archive/1/archive/1/454069/100/0/threaded

来源: OSVDB

名称: 30825

链接:http://www.osvdb.org/30825

来源: MS

名称: MS07-014

链接:http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx

来源: VUPEN

名称: ADV-2006-4920

链接:http://www.frsirt.com/english/advisories/2006/4920

来源: MISC

链接:http://vil.mcafeesecurity.com/vil/content/v_vul27249.htm

来源: MISC

链接:http://vil.mcafeesecurity.com/vil/content/v_141056.htm

来源: SECTRACK

名称: 1017579

链接:http://securitytracker.com/id?1017579

来源: SECTRACK

名称: 1017358

链接:http://securitytracker.com/id?1017358

来源: SECUNIA

名称: 23205

链接:http://secunia.com/advisories/23205

来源: MISC

链接:http://isc.sans.org/diary.php?storyid=1925

来源: blogs.technet.com

链接:http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx

来源: FULLDISC

名称: 20061211 The newest Word flaw is due to malformed data structure handling

链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0215.html

来源: FULLDISC

名称: 20061210 Another, different MS Word 0-day vulnerability reported

链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0199.html

来源: US Government Resource: oval:org.mitre.oval:def:746

名称: oval:org.mitre.oval:def:746

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:746

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多