BUGTRAQ ID: 35184
CVE(CAN) ID: CVE-2009-1533
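Works is Microsoft's integrated home productivity software, providing basic tools for everyday productivity with entry-level office suite functionality such as simple word processing, database, and spreadsheet features.
A stack overflow vulnerability exists in the way the Works for Windows file converters handle specially crafted Works files. If a user opens a specially crafted .wps file containing an overly long font name, the overflow can be triggered, resulting in arbitrary code execution.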
Microsoft Office XP SP3
Microsoft Office 2007 SP1
Microsoft Office 2003 Service Pack 3
Microsoft Office 2000 SP3
Microsoft Works 9.0
Microsoft Works 8.5
Temporary workaround:
For Microsoft Windows 2000, Windows XP, and Windows Server 2003, run the following commands from a command prompt:
cacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /E /P everyone:N
cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /E /P everyone:N
For Vista/Server 2008, run the following commands from an elevated command prompt:
takeown /f "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv"
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /save works432_ACL.TXT
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works432.cnv" /deny everyone:(F)
takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv"
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /save works432_ACL.TXT
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works432.cnv" /deny everyone:(F)
For Microsoft Windows 2000, Windows XP, and Windows Server 2003, run the following commands from a command prompt:
cacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /E /P everyone:N
cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /E /P everyone:N
For Windows Vista and Windows Server 2008, run the following commands from an elevated command prompt:
takeown /f "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv"
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /save works632_ACL.TXT
icacls "%CommonProgramFiles%\Microsoft Shared\TextConv\works632.cnv" /deny everyone:(F)
takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv"
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /save works632_ACL.TXT
icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\works632.cnv" /deny everyone:(F)
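To confirm that the workaround took effect, the following added example (not part of the original advisory or of Microsoft's bulletin) reports, for each converter path named above, whether the file exists and whether it carries a deny-Full-Control entry for Everyone as set by the icacls commands. It assumes PowerShell is available on the host; the function name Test-ConverterLockdown and the state labels are hypothetical.

```powershell
# Added example, not from the advisory. Test-ConverterLockdown is a hypothetical name.
function Test-ConverterLockdown {
    param([string[]]$Names = @('works432.cnv', 'works632.cnv'))

    # The two directories targeted by the workaround commands.
    $dirs = @()
    if ($env:CommonProgramFiles) {
        $dirs += Join-Path $env:CommonProgramFiles 'Microsoft Shared\TextConv'
    }
    if (${env:ProgramFiles(x86)}) {
        $dirs += Join-Path ${env:ProgramFiles(x86)} 'Common Files\Microsoft Shared\TextConv'
    }

    $full = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($dir in ($dirs | Select-Object -Unique)) {
        foreach ($name in $Names) {
            $path = Join-Path $dir $name
            if (-not (Test-Path $path)) {
                $state = 'NotInstalled'
            } else {
                try {
                    # Resolve ACEs to SIDs so the check does not depend on the OS language.
                    $rules = (Get-Acl -Path $path -ErrorAction Stop).GetAccessRules($true, $true, $sidType)
                    $deny = @($rules | Where-Object {
                        $_.IdentityReference.Value -eq 'S-1-1-0' -and      # well-known SID for Everyone
                        $_.AccessControlType -eq 'Deny' -and
                        (([int]$_.FileSystemRights) -band $full) -eq $full
                    })
                    $state = if ($deny.Count -gt 0) { 'Blocked' } else { 'NotBlocked' }
                } catch {
                    # A deny-all entry can prevent accounts other than the owner from reading the ACL.
                    $state = 'AclUnreadable'
                }
            }
            New-Object PSObject -Property @{ Path = $path; State = $state }
        }
    }
}

Test-ConverterLockdown | Format-Table Path, State -AutoSize
```

A path reported as NotBlocked is a converter that is installed and still loadable; AclUnreadable means the ACL could not be read from the current account and should be rechecked from the account that ran takeown.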
Vendor patch:
Microsoft has released a security bulletin (MS09-024) and corresponding patches for this issue:
MS09-024: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-024.mspx?pf=true