Microsoft Excel和PowerPoint宏安全绕过漏洞

漏洞信息详情

Microsoft Excel和PowerPoint宏安全绕过漏洞

• CNNVD编号：CNNVD-200110-142
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0718
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-10-30
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  This vulnerability…

(1)Microsoft Excel 2002和之前版本以及(2)Microsoft PowerPoint 2002和之前版本存在漏洞。攻击者可以通过修改文档中的数据流绕过宏限制以及执行任意命令。

Microsoft has supplied a patch for this issue:
Microsoft PowerPoint 98 for Mac

• Microsoft office98_secupdate
  
  http://www.microsoft.com/mac/download/office98/pptxlmacro.asp

Microsoft Excel 2001 for Mac

• Microsoft office2001_secupdate
  
  http://www.microsoft.com/mac/download/office2001/pptxlmacro.asp

Microsoft PowerPoint 2002

• Microsoft ppt1001.exe
  
  http://download.microsoft.com/download/powerpoint2002/ppt1001/1/w98nt4
  2kme/en-us/ppt1001.exe

Microsoft Excel 2002

• Microsoft exc1001.exe
  
  http://download.microsoft.com/download/excel2002/exc1001/1/w98nt42kme/
  en-us/exc1001.exe

Microsoft Excel 2000

• Microsoft e2kmac.exe
  
  http://download.microsoft.com/download/excel2000/e2kmac/1/w98nt42kme/e
  n-us/e2kmac.exe

Microsoft Excel 98 for Mac

• Microsoft office98_secupdate
  
  http://www.microsoft.com/mac/download/office98/pptxlmacro.asp

Microsoft PowerPoint 2000

• Microsoft p2kmac.exe
  
  http://download.microsoft.com/download/powerpoint2000/p2kmac/1/w98nt42
  kme/en-us/p2kmac.exe

Microsoft PowerPoint 2001 for Mac

• Microsoft office2001_secupdate
  
  http://www.microsoft.com/mac/download/office2001/pptxlmacro.asp

来源:CERT/CC Advisory: CA-2001-28
名称: CA-2001-28
链接:http://www.cert.org/advisories/CA-2001-28.html

来源:US-CERT Vulnerability Note: VU#287067
名称: VU#287067
链接:http://www.kb.cert.org/vuls/id/287067

来源: MS
名称: MS01-050
链接:http://www.microsoft.com/technet/security/bulletin/ms01-050.asp

来源: XF
名称: ms-malformed-document-macro(7223)
链接:http://xforce.iss.net/static/7223.php

来源: BID
名称: 3402
链接:http://www.securityfocus.com/bid/3402

来源: BUGTRAQ
名称: 20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features
链接:http://online.securityfocus.com/archive/1/218802