BUGTRAQ ID: 35184
CVE(CAN) ID: CVE-2009-1533

Works is Microsoft's integrated home software suite. It provides basic productivity tools with entry-level office-suite functions such as simple document processing, a database, and spreadsheets.

A stack overflow vulnerability exists in the way the Works converters among the Windows file converters handle specially crafted Works files. If a user opens a specially crafted .wps file containing an overly long font name, the overflow can be triggered, leading to arbitrary code execution.

Microsoft Office XP SP3
Microsoft Office 2007 SP1
Microsoft Office 2003 Service Pack 3
Microsoft Office 2000 SP3
Microsoft Works 9.0
Microsoft Works 8.5

Workarounds:

* For Word 2000 and Word 2002, disable the Works 4.x converter by restricting access to it.

For Microsoft Windows 2000, Windows XP and Windows Server 2003, run the following commands from a command prompt:

    cacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /E /P everyone:N
    cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /E /P everyone:N

For Vista/Server 2008, run the following commands from an elevated command prompt:

    takeown /f "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv"
    icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /save works432_ACL.TXT
    icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /deny everyone:(F)
    takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv"
    icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /save works432_ACL.TXT
    icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /deny everyone:(F)

* For Word 2003 and Word 2007 with the Microsoft Works 6–9 file converter installed, disable the Works 6-9 converter by restricting access to it.

For Microsoft Windows 2000, Windows XP and Windows Server 2003, run the following commands from a command prompt:

    cacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /E /P everyone:N
    cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /E /P everyone:N

For Windows Vista and Windows Server 2008, run the following commands from an elevated command prompt:

    takeown /f "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv"
    icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /save works632_ACL.TXT
    icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /deny everyone:(F)
    takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv"
    icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /save works632_ACL.TXT
    icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /deny everyone:(F)

Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS09-024) and the corresponding patch for this issue:

MS09-024: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-024.mspx?pf=true
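
To confirm that the workaround above has actually been applied on a host, the following PowerShell audit reports, for each converter file named in the advisory, whether a deny entry for Everyone is present. It is an added example, not part of the original advisory or of Microsoft's bulletin; the status strings and the choice to test for the ReadData right are assumptions of this example.

```powershell
# Added example: audit the converter workaround (deny ACE for Everyone).
# File names and directories are the ones listed in the advisory.
$converters = 'works432.cnv', 'works632.cnv'
$roots = @($env:CommonProgramFiles)
if (${env:ProgramFiles(x86)}) {
    # Second location used by the advisory on 64-bit systems.
    $roots += Join-Path ${env:ProgramFiles(x86)} 'Common Files'
}
$everyone = 'S-1-1-0'   # well-known SID of the Everyone group
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

foreach ($root in ($roots | Select-Object -Unique)) {
    foreach ($name in $converters) {
        $path = Join-Path $root "Microsoft Shared\TextConv\$name"
        if (-not (Test-Path -LiteralPath $path)) {
            $status = 'not installed'
        } else {
            try {
                $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
                # Resolve identities as SIDs so the check is locale-independent.
                $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
                $deny = @($rules | Where-Object {
                    $_.IdentityReference.Value -eq $everyone -and
                    $_.AccessControlType -eq 'Deny' -and
                    ([int]$_.FileSystemRights -band $readData)
                })
                $status = if ($deny.Count) { 'blocked (deny Everyone)' }
                          else { 'NOT blocked' }
            } catch {
                # A deny entry can also stop a non-owner from reading the ACL,
                # so this result needs a manual check rather than a pass/fail.
                $status = 'ACL unreadable: ' + $_.Exception.Message
            }
        }
        [pscustomobject]@{ Path = $path; Status = $status }
    }
}
```

Once the MS09-024 update is installed, a host still reporting "blocked" is one where the workaround has not yet been rolled back.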