Microsoft Word 2000 Remote Code Execution Vulnerability

Vulnerability ID: 1112076
Vulnerability type: Unknown
Published: 2007-01-25
Updated: 2007-02-13
CVE ID: CVE-2007-0515
CNNVD-ID: CNNVD-200701-466
Platform: Windows
CVSS score: 9.3
|Vulnerability sources
https://www.exploit-db.com/exploits/29524
https://www.securityfocus.com/bid/22225
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-466
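|Vulnerability details
Microsoft Word is the word processor in the Microsoft Office suite. If a user is tricked into opening a malicious .DOC document, Word 2000 may execute arbitrary code on the user's system. This vulnerability is currently being actively exploited by a trojan named Mdropper.W. When the trojan runs, it performs the following operations:
1. Exploits the vulnerability in Microsoft Word.
2. Creates the following files:
* %Temp%\ahah.exe
* %Temp%\sav.exe
* %Windir%\dominoo.exe
* %Windir%\inetsyschk.dll
3. Creates the following file: %Temp%\SummaryonChina's2006DefenseWhitepaper.doc
4. Checks for Internet connectivity by accessing various sites, such as Microsoft, Google and Yahoo.
5. Opens a backdoor on the compromised machine and connects to the domain pop.newyorkerworld.com on TCP port 80.
6. Performs basic operations using specified commands in a command prompt.
7. Deletes the following files:
* %Windir%\dominoo.exe
* %Windir%\inetsyschk.dll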
|Exploit
source: http://www.securityfocus.com/bid/22225/info

Microsoft Word 2000 is prone to a remote code-execution vulnerability.

Microsoft Word 2000 is confirmed vulnerable to a remote code-execution issue. Exploit attempts against Word 2003/XP will consume all CPU resources and will cause a denial of service for legitimate users.

Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Malformed String Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Malformed Data Structures Code Execution Vulnerability). 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/29524.doc
|Affected products
Microsoft Word 2000 SR1a + Microsoft Office 2000 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000
|References

Source: US-CERT
Name: TA07-044A
Link: http://www.us-cert.gov/cas/techalerts/TA07-044A.html
Source: US-CERT
Name: VU#412225
Link: http://www.kb.cert.org/vuls/id/412225
Source: XF
Name: word-document-code-execution(31834)
Link: http://xforce.iss.net/xforce/xfdb/31834
Source: MISC
Link: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-013010-5422-99&tabid=2
Source: MISC
Link: http://www.symantec.com/enterprise/security_response/weblog/2007/01/new_microsoft_word_2000_vulner.html
Source: MISC
Link: http://www.symantec.com/enterprise/security_response/weblog/2007/01/multiple_organizations_targett.html
Source: BID
Name: 22328
Link: http://www.securityfocus.com/bid/22328
Source: BID
Name: 22225
Link: http://www.securityfocus.com/bid/22225
Source: MS
Name: MS07-014
Link: http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx
Source: www.microsoft.com
Link: http://www.microsoft.com/technet/security/advisory/932114.mspx
Source: VUPEN
Name: ADV-2007-0350
Link: http://www.frsirt.com/english/advisories/2007/0350
Source: SECTRACK
Name: 1017564
Link: http://securitytracker.com/id?1