wutenan 's blog

Microsoft Excel OBJ Record 堆疊溢位遠端程式碼執行漏洞

漏洞編號：
Bugtraq ID：40520
CVE編號：CVE-2010-0822

影響平台：
Microsoft Open XML File Format Converter for Mac 0
Microsoft Office 2008 for Mac 0
Microsoft Office 2004 for Mac 0
Microsoft Excel 2002 SP3
+ Microsoft Office XP SP3
Microsoft Excel 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Excel 2002 SP1
+ Microsoft Office XP SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Excel 2002
+ Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Avaya Messaging Application Server MM 3.1
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server 5
Avaya Messaging Application Server 4
Avaya Messaging Application Server 0
Avaya Meeting Exchange - Webportal 0
Avaya Meeting Exchange - Web Conferencing Server 0
Avaya Meeting Exchange - Streaming Server 0
Avaya Meeting Exchange - Recording Server 0
Avaya Meeting Exchange - Client Registration Server 0

影響狀況：
成功的攻擊允許攻擊者在使用者執行應用程式時執行任意程式碼。

漏洞說明：
Microsoft Excel存在一個遠端程式碼執行漏洞。
攻擊者可以利用此漏洞誘使不知情使用者開啟特定Excel(.xls)檔案。成功的攻擊允許攻擊者在使用者執行應用程式時執行任意程式碼。

解決方案：
軟體供應商已經釋出了相關修補程式，請參考以下連結以獲得更詳細的資訊：
Microsoft Office 2008 for Mac 0
Microsoft Microsoft Office 2008 for Mac 12.2.5 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=d46255bd-6470-4106-9fe2-ea67acd3f1bd
Microsoft Open XML File Format Converter for Mac 0
Microsoft Open XML File Format Converter for Mac 1.1.5
http://www.microsoft.com/downloads/details.aspx?FamilyID=b6ca7b05-cf97-43a2-95eb-7b5caf7c1528
Microsoft Excel 2002 SP3
Microsoft Security Update for Microsoft Excel 2002 (KB982299)
http://www.microsoft.com/downloads/details.aspx?familyid=fec14a92-79a1-4281-8ee2-659b2dfd283f
Microsoft Office 2004 for Mac 0
Microsoft Microsoft Office 2004 for Mac 11.5.9 Update
http://www.microsoft.com/downloads/details.aspx?FamilyID=16c71ab8-9284-407a-856a-93c67995f125

參考資料：
SecurityFocus
http://www.securityfocus.com/bid/40520
Microsoft Excel Homepage (Microsoft )
http://office.microsoft.com/zh-tw/excel/
MOAUB #24 â?? Microsoft Excel OBJ Record Stack Overflow (Abyssec)
http://www.exploit-db.com/moaub-24-microsoft-excel-obj-record-stack-overflow/
VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerabilit ("VUPEN Security Research" )
http://www.securityfocus.com/archive/1/511752
ASA-2010-161 MS10-038 Vulnerabilities in Microsoft Office Excel Could Allow Remo (Avaya)
http://support.avaya.com/css/P8/documents/100089991
Microsoft Security Bulletin MS10-038 (Microsoft)
http://technet.microsoft.com/en-us/security/bulletin/MS10-038