多个Mac OS下的Microsoft产品存在文件URL缓冲区溢出漏洞(MS02-019)

漏洞信息详情

多个Mac OS下的Microsoft产品存在文件URL缓冲区溢出漏洞(MS02-019)

• CNNVD编号：CNNVD-200204-028
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0152
  
• 漏洞类型：
  
  
  边界条件错误
  
• 发布时间：
  
  2002-04-22
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Matt Conover※ shok…

Microsoft公司为MacOS操作系统下提供多种产品，包括Internet Explorer、Outlook Express、Entourage、PowerPoint、Excel和Word.
MacOS系统下的这些产品在处理file：///URL时存在问题，可以导致缓冲区溢出。
由于在file：//指示中处理子目录长度时存在问题，攻击者可以构建包含恶意file：///形式URL的WEB页面，并对file：///提交过多的字符，当MacOS下的浏览用户访问此链接的时候，可以导致缓冲区溢出，并存在以浏览用户权限执行任意代码的可能。

临时解决方法：
如果您不能立刻安装补丁或者升级，CNNVD建议您采取以下措施以降低威胁：

* 暂时没有合适的临时解决方法。
厂商补丁：
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS02-019)以及相应补丁:

MS02-019：Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)

链接：http://www.microsoft.com/technet/security/bulletin/MS02-019.asp” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS02-019.asp

补丁下载，注意Microsoft PowerPoint 98 for Macintosh的补丁尚未提供：

Microsoft Office 2001 For Macintosh SR1:

Microsoft Patch Office2001URLEN

http://download.microsoft.com/download/Office9Mac/Update/1.00/MacOS/EN-US/Office2001URLEN.hqx” target=”_blank”>
http://download.microsoft.com/download/Office9Mac/Update/1.00/MacOS/EN-US/Office2001URLEN.hqx

Microsoft Office v. X :

Microsoft Patch CombinedUpdater1003EN

http://download.microsoft.com/download/OfficeX/Update/10.0.3/MacOS/EN-US/CombinedUpdater1003EN.hqx” target=”_blank”>
http://download.microsoft.com/download/OfficeX/Update/10.0.3/MacOS/EN-US/CombinedUpdater1003EN.hqx

Microsoft Office 2001 For Macintosh :

Microsoft PowerPoint 98 for Mac :

Microsoft Outlook Express for MacOS 5.0:

Microsoft Upgrade oe504install_en

http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx” target=”_blank”>
http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx

Microsoft Outlook Express for MacOS 5.0.1:

Microsoft Upgrade oe504install_en

http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx” target=”_blank”>
http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx

Microsoft Outlook Express for MacOS 5.0.2:

Microsoft Upgrade oe504install_en

http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx” target=”_blank”>
http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx

Microsoft Outlook Express for MacOS 5.0.3:

Microsoft Upgrade oe504install_en

http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx” target=”_blank”>
http://download.microsoft.com/download/outlookexp5mac/Install/5.0.4/MacOS/EN-US/oe504install_en.hqx

Microsoft Internet Explorer Macintosh Edition 5.1:

Microsoft Patch ie51eng

http://download.microsoft.com/download/ie5mac/Install/5.1.4/MacOS/EN-US/ie51eng.hqx” target=”_blank”>
http://download.microsoft.com/download/ie5mac/Install/5.1.4/MacOS/EN-US/ie51eng.hqx

来源: MS
名称: MS02-019
链接:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp

来源: BUGTRAQ
名称: 20020416 w00w00 on Microsoft IE/Office for Mac OS
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101897994314015&w=2

来源: BID
名称: 4517
链接:http://www.securityfocus.com/bid/4517

来源: OSVDB
名称: 5357
链接:http://www.osvdb.org/5357

来源: XF
名称: ms-mac-html-file-bo(8850)
链接:http://www.iss.net/security_center/static/8850.php