Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Производитель ПО
Наименование ПО
Microsoft Excel
(2000, 2000 SP3, 2002, 2002 SP3, 2003, 2003 SP2, 2004 for Mac, v. X for Mac)
Microsoft Office
(WorkSuite 2000, WorkSuite 2001, WorkSuite 2002, WorkSuite 2003, WorkSuite 2004, WorkSuite 2005, WorkSuite 2006)
Microsoft Outlook
(2000, 2002)
Microsoft PowerPoint
(2000, 2002)
Microsoft Word
(2000, 2000 SP3, 2002, 2002 SP3)
Microsoft Updates
(KB2251389, KB2264397, KB2264403, KB2293422, KB2328360, KB2344893, KB2345017, KB2466169, KB2502786, KB2541003, KB2541025, KB2553072, KB2596954, KB2597086, KB2687481, KB2810048, KB905553, KB905555, KB905646, KB905649, KB905754, KB905755, KB905756, KB905757, KB905758, KB914451, KB917335, KB918419, KB918420, KB918425, KB920817, KB923088, KB923089, KB923275, KB923618, KB925257, KB925523, KB925525, KB929061, KB933666, KB934394, KB934445, KB934453, KB934737, KB936507, KB936508, KB936513, KB940601, KB940602, KB940604, KB942670, KB943889, KB943957, KB943985, KB946976, KB950243, KB951548, KB951551, KB951589, KB954463, KB955464, KB955466, KB955468, KB956329, KB958372, KB958434, KB958436, KB959988, KB959993, KB959995, KB969602, KB969680, KB969681, KB969685, KB973444, KB973471, KB973475, KB973484, KB978471, KB978474, KB982133, KB982299)
Описание
В приложении Excel существует уязвимость удаленного выполнения кода, связанная с искаженной записью. Злоумышленник может воспользоваться этой уязвимостью, создав специальный файл Excel, который делает возможным удаленный запуск кода.
Как исправить
Используйте рекомендации производителя:
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
Ссылки
MS (MS06-012): http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
CERT-VN (VU#104302): http://www.kb.cert.org/vuls/id/104302
SECTRACK (1015766): http://securitytracker.com/id?1015766
CERT (TA06-073A): http://www.us-cert.gov/cas/techalerts/TA06-073A.html
BID (17101): http://www.securityfocus.com/bid/17101
XF (excel-record-bo(25228)): http://xforce.iss.net/xforce/xfdb/25228
BUGTRAQ (20060315 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/427699/100/0/threaded
FULLDISC (20060314 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability): http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1521.html
FRSIRT (ADV-2006-0950): http://www.frsirt.com/english/advisories/2006/0950
OSVDB (23902): http://www.osvdb.org/23902
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
OVAL (oval:org.mitre.oval:def:1327): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1327
OVAL (oval:org.mitre.oval:def:1525): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1525
OVAL (oval:org.mitre.oval:def:1750): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1750
OVAL (oval:org.mitre.oval:def:763): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:763
CERT-VN (VU#104302): http://www.kb.cert.org/vuls/id/104302
SECTRACK (1015766): http://securitytracker.com/id?1015766
CERT (TA06-073A): http://www.us-cert.gov/cas/techalerts/TA06-073A.html
BID (17101): http://www.securityfocus.com/bid/17101
XF (excel-record-bo(25228)): http://xforce.iss.net/xforce/xfdb/25228
BUGTRAQ (20060315 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability): http://www.securityfocus.com/archive/1/archive/1/427699/100/0/threaded
FULLDISC (20060314 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability): http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1521.html
FRSIRT (ADV-2006-0950): http://www.frsirt.com/english/advisories/2006/0950
OSVDB (23902): http://www.osvdb.org/23902
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
OVAL (oval:org.mitre.oval:def:1327): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1327
OVAL (oval:org.mitre.oval:def:1525): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1525
OVAL (oval:org.mitre.oval:def:1750): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1750
OVAL (oval:org.mitre.oval:def:763): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:763