Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
Microsoft Excel
(2000, 2000 SP3, 2002, 2002 SP3, 2003, 2003 SP2, 2004 for Mac, v. X for Mac)
Microsoft Office
(WorkSuite 2000, WorkSuite 2001, WorkSuite 2002, WorkSuite 2003, WorkSuite 2004, WorkSuite 2005, WorkSuite 2006)
Microsoft Outlook
(2000, 2002)
Microsoft PowerPoint
(2000, 2002)
Microsoft Word
(2000, 2000 SP3, 2002, 2002 SP3)
Описание
В приложении Excel существует уязвимость удаленного выполнения кода, связанная с искаженным диапазоном. Злоумышленник может воспользоваться этой уязвимостью, создав специальный файл Excel, который делает возможным удаленный запуск кода.
Как исправить
Используйте рекомендации производителя:
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
Ссылки
http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
http://news.com.com/2061-10789_3-5988086.html
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
http://www.osvdb.org/blog/?p=71
BID (15780): http://www.securityfocus.com/bid/15780
http://www.eweek.com/article2/0,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614
http://news.zdnet.com/2100-1009_22-5989078.html
http://informationweek.com/story/showArticle.jhtml?articleID=174910198
http://news.com.com/2061-10789_3-5988086.html
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
SECTRACK (1015333): http://securitytracker.com/id?1015333
http://www.securityfocus.com/news/11363
http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
XF (excel-msvcrt-memmove-bo(23537)): http://xforce.iss.net/xforce/xfdb/23537
BUGTRAQ (20060314 High Risk Vulnerability in Microsoft Excel): http://www.securityfocus.com/archive/1/archive/1/427635/100/0/threaded
MS (MS06-012): http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
CERT (TA06-073A): http://www.us-cert.gov/cas/techalerts/TA06-073A.html
CERT-VN (VU#642428): http://www.kb.cert.org/vuls/id/642428
SECTRACK (1015766): http://securitytracker.com/id?1015766
BUGTRAQ (20060315 [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution): http://www.securityfocus.com/archive/1/archive/1/427698/100/0/threaded
FRSIRT (ADV-2006-0950): http://www.frsirt.com/english/advisories/2006/0950
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
http://news.com.com/2061-10789_3-5988086.html
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
http://www.osvdb.org/blog/?p=71
BID (15780): http://www.securityfocus.com/bid/15780
http://www.eweek.com/article2/0,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614
http://news.zdnet.com/2100-1009_22-5989078.html
http://informationweek.com/story/showArticle.jhtml?articleID=174910198
http://news.com.com/2061-10789_3-5988086.html
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
SECTRACK (1015333): http://securitytracker.com/id?1015333
http://www.securityfocus.com/news/11363
http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
XF (excel-msvcrt-memmove-bo(23537)): http://xforce.iss.net/xforce/xfdb/23537
BUGTRAQ (20060314 High Risk Vulnerability in Microsoft Excel): http://www.securityfocus.com/archive/1/archive/1/427635/100/0/threaded
MS (MS06-012): http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
CERT (TA06-073A): http://www.us-cert.gov/cas/techalerts/TA06-073A.html
CERT-VN (VU#642428): http://www.kb.cert.org/vuls/id/642428
SECTRACK (1015766): http://securitytracker.com/id?1015766
BUGTRAQ (20060315 [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution): http://www.securityfocus.com/archive/1/archive/1/427698/100/0/threaded
FRSIRT (ADV-2006-0950): http://www.frsirt.com/english/advisories/2006/0950
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm