Microsoft Word RTF模板宏执行漏洞

漏洞信息详情

Microsoft Word RTF模板宏执行漏洞

• CNNVD编号：CNNVD-200106-149
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-0240
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-06-27
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Posted in a Micros…

Microsoft Word 2002之前版本存在漏洞。攻击者借助链接到带嵌入式宏模板的富文本格式（RTF）文档自动的执行没有警告用户的宏。

Microsoft has released a patch for Word 2000 and Word 97 which rectifies this issue. The patches for the additional vulnerable versions will be released at a later date. The release date is not yet known.
Microsoft Word 97 SR2

• Microsoft Q214652
  
  http://download.microsoft.com/download/word97win/Patch/4.71.1015.0/W98
  NT42KMe/EN-US/wd97mcrs.exe

Microsoft Word 2000 SR1

• Microsoft Q288266
  
  http://download.microsoft.com/download/word2000/wd2kmse/1/WIN98Me/EN-U
  S/wd2kmsec.exe

Microsoft Word 2000

• Microsoft Q288266
  
  http://download.microsoft.com/download/word2000/wd2kmse/1/WIN98Me/EN-U
  S/wd2kmsec.exe

Microsoft Word 2000 SP2

• Microsoft Q288266
  
  http://download.microsoft.com/download/word2000/wd2kmse/1/WIN98Me/EN-U
  S/wd2kmsec.exe

Microsoft Word 97 SR1

• Microsoft Q214652
  
  http://download.microsoft.com/download/word97win/Patch/4.71.1015.0/W98
  NT42KMe/EN-US/wd97mcrs.exe

Microsoft Word 97

• Microsoft Q214652
  
  http://download.microsoft.com/download/word97win/Patch/4.71.1015.0/W98
  NT42KMe/EN-US/wd97mcrs.exe

Microsoft Word 2000 SR1a

• Microsoft Q288266
  
  http://download.microsoft.com/download/word2000/wd2kmse/1/WIN98Me/EN-U
  S/wd2kmsec.exe

来源: MS
名称: MS01-028
链接:http://www.microsoft.com/technet/security/bulletin/ms01-028.asp

来源: XF
名称: word-rtf-macro-execution(6571)
链接:http://xforce.iss.net/static/6571.php

来源: BID
名称: 2753
链接:http://www.securityfocus.com/bid/2753