Microsoft Excel样式处理及修复远程代码执行漏洞(MS06-059)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110570 漏洞类型 缓冲区溢出
发布时间 2006-07-06 更新时间 2006-11-30
CVE编号 CVE-2006-3431 CNNVD-ID CNNVD-200607-098
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/28189
https://www.securityfocus.com/bid/18872
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-098
|漏洞详情
MicrosoftExcel是非常流行的电子表格工具。Excel在解析文件和处理畸形的STYLE记录时存在缓冲区溢出漏洞,攻击者可能利用此漏洞在用户机器上执行任意指令。如果用户使用管理用户权限登录,成功利用此漏洞的攻击者便可完全控制受影响的系统。
|漏洞EXP
source: http://www.securityfocus.com/bid/18872/info

Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users.

A proof-of-concept malicious code named 'Trojan.Hongmosa' is actively exploiting this vulnerability, which results in crashing Excel running on Simplified Chinese, Traditional Chinese, Japanese, or Korean Windows. 

Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vector.

This issue is distinct from the issue described in BID 18422 (Microsoft Excel Unspecified Remote Code Execution Vulnerability). Proof-of-concept 'Nanika.xls' was originally thought to be related to BID 18422; however, reports indicate that 'Nanika.xls' triggers this vulnerability.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/28189.xls
|受影响的产品
Microsoft Works Suite 2006 0 Microsoft Works Suite 2005 0 Microsoft Works Suite 2004 Microsoft Office XP SP3 + Microsoft Excel 2002 SP3
|参考资料

来源:BID
名称:18872
链接:http://www.securityfocus.com/bid/18872
来源:BUGTRAQ
名称:20060707MajorupdatestoExcel0-dayVulnerabilityFAQatSecuriTeamBlogs
链接:http://www.securityfocus.com/archive/1/archive/1/439427/100/0/threaded
来源:BUGTRAQ
名称:20060703Excel2000/XP/2003Style0dayPOC
链接:http://www.securityfocus.com/archive/1/archive/1/438963/100/0/threaded
来源:MS
名称:MS06-059
链接:http://www.microsoft.com/technet/security/Bulletin/MS06-059.mspx
来源:VUPEN
名称:ADV-2006-2689
链接:http://www.frsirt.com/english/advisories/2006/2689
来源:SECTRACK
名称:1016430
链接:http://securitytracker.com/id?1016430
来源:SECUNIA
名称:20268
链接:http://secunia.com/advisories/20268
来源:BUGTRAQ
名称:20060711NewCVEnumberstatesExcelStylehandlingasaseparateissue
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=115274676314243&w=2
来源:HP
名称:HPSBST02161
链接:http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded
来源:USGovernment
名称:oval:org.mitre.oval:def:431
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:431