BUGTRAQ ID: 27659
CVE(CAN) ID: CVE-2008-0108

Microsoft Works is a document-processing program released by Microsoft in its earlier years.

The Works file converter has a vulnerability in the way it handles malformed field length information. A remote attacker could exploit this vulnerability to take control of a user's system.

When converting Microsoft Works documents (.wps) to Rich Text Format (RTF), the Works file converter (wkcvqd01.dll) does not properly validate field length information. If an attacker creates a specially crafted Works document and modifies certain fields in it (such as length or count values), a stack overflow can be triggered, leading to execution of arbitrary instructions.

Affected systems:

Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Works Suite 2005
Microsoft Works 8.0

Temporary workarounds:

* Disable the installed copy of the Works file converter by restricting access to WKCVQD01.DLL. Run the following commands at a command prompt:

  Windows XP:

    Echo y| cacls "%ProgramFiles%\Common Files\Microsoft shared\TextConv\wkcvqd01.dll" /E /P everyone:N

  Windows Vista:

    Takeown.exe /f "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll"
    Icacls.exe "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /save %TEMP%\wkcvqd01_ACL.TXT
    Icacls.exe "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /deny everyone:(F)

* Prevent WKCVQD01.DLL from being installed. Run the following commands at a command prompt:

  Windows XP:

    md "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\"
    echo Placeholder > "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll"
    Echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /E /P everyone:N

  Windows Vista:

    md "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\"
    echo Placeholder > "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll"
    Icacls.exe "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\wkcvqd01.dll" /deny everyone:(F)

* Do not open or save Microsoft Works files from untrusted sources.

Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS08-011) and a corresponding patch for this issue:

MS08-011: Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Link: http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx?pf=true
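
The advisory attributes the flaw to length and count fields that are used without validation. The following is an added example, not code from the advisory or from Microsoft, showing the checks a converter needs before copying a file-supplied field into a fixed stack buffer. The record layout (a 16-bit count followed by length-prefixed entries), the limits and all names are assumptions made for illustration and are not the real .wps format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FIELD 64   /* capacity of the fixed stack buffer (assumed) */
#define MAX_COUNT 32   /* upper bound on entries per record (assumed) */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1,
                    PARSE_BAD_LENGTH = -2, PARSE_BAD_COUNT = -3 };

/* Read a little-endian u16 at *off, refusing to read past the end of input. */
static int read_u16(const uint8_t *buf, size_t size, size_t *off, uint16_t *out)
{
    if (size < 2 || *off > size - 2)
        return -1;
    *out = (uint16_t)(buf[*off] | (buf[*off + 1] << 8));
    *off += 2;
    return 0;
}

/* Hypothetical record: u16 count, then count x { u16 len, len bytes }.
 * Returns the total bytes of field data accepted, or a negative parse_status. */
long parse_record(const uint8_t *buf, size_t size)
{
    char field[MAX_FIELD];           /* fixed-size destination on the stack */
    size_t off = 0;
    uint16_t count, len;
    long total = 0;

    if (read_u16(buf, size, &off, &count) != 0)
        return PARSE_TRUNCATED;
    if (count > MAX_COUNT)           /* count comes from the file: bound it */
        return PARSE_BAD_COUNT;

    for (uint16_t i = 0; i < count; i++) {
        if (read_u16(buf, size, &off, &len) != 0)
            return PARSE_TRUNCATED;
        if (len >= sizeof field)     /* without this check memcpy overruns field[] */
            return PARSE_BAD_LENGTH;
        if (len > size - off)        /* declared length exceeds the input left */
            return PARSE_TRUNCATED;
        memcpy(field, buf + off, len);
        field[len] = '\0';           /* room is guaranteed by the len check */
        off += len;
        total += len;
    }
    return total;
}
```

Each value read from the file is checked against both the destination buffer and the bytes remaining in the input, so a malformed record is rejected instead of being copied.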