Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19772
HistoryJun 10, 2010 - 12:00 a.m.

Office Excel畸形图表子流解析远程代码执行漏洞(MS10-038)

2010-06-1000:00:00
Root
www.seebug.org
21

EPSS

0.955

Percentile

99.4%

JSON

BUGTRAQ ID: 40521
CVE ID: CVE-2010-0823

Excel是微软Office套件中的电子表格工具。

Excel在解析电子表格中的畸形图表子流时存在内存破坏漏洞,用户受骗打开了畸形的Excel文档就会导致执行任意代码。

Microsoft Excel Viewer SP2
Microsoft Excel Viewer SP1
Microsoft Excel 2007 SP2
Microsoft Excel 2007 SP1
Microsoft Excel 2003 SP3
Microsoft Excel 2003 SP2
Microsoft Excel 2002 SP3
Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
临时解决方法:

  • 使用Microsoft Office文件阻断策略以防止打开未知或不可信任来源的Office 2003及更早版本的文档。

  • 当打开来自未知来源或不可信来源的文件时使用Microsoft Office隔离转换环境(MOICE)。

  • 不要打开从不可信任来源接收到或从可信任来源意外接收到的Excel文件。

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS10-038)以及相应补丁:
MS10-038:Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
链接:http://www.microsoft.com/technet/security/bulletin/MS10-038.asp

Related

checkpoint_advisories 2
cvelist 3
cve 3
prion 3
nvd 3
nessus 2
openvas 2
securityvulns 2
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Malformed Chart Sheet Substream Memory Corruption (MS10-038; CVE-2010-0823)
2010-06-08 00:00:00
Microsoft Excel Malformed Chart Sheet Substream Memory Corruption (MS10-038) - Ver2 (CVE-2010-0823)
2015-05-18 00:00:00
cvelist
cvelist
CVE-2010-1249
2010-06-08 20:00:00
CVE-2010-1247
2010-06-08 20:00:00
CVE-2010-0823
2010-06-08 20:00:00
cve
cve
CVE-2010-1247
2010-06-08 20:30:02
CVE-2010-1249
2010-06-08 20:30:02
CVE-2010-0823
2010-06-08 20:30:02
prion
prion
Memory corruption
2010-06-08 20:30:00
Memory corruption
2010-06-08 20:30:00
Memory corruption
2010-06-08 20:30:00
nvd
nvd
CVE-2010-1247
2010-06-08 20:30:02
CVE-2010-0823
2010-06-08 20:30:02
CVE-2010-1249
2010-06-08 20:30:02
nessus
nessus
MS10-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2027452) (Mac OS X)
2010-10-20 00:00:00
MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
2010-06-09 00:00:00
openvas
openvas
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00
Microsoft Office Excel Remote Code Execution Vulnerabilities (2027452)
2010-06-09 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
2010-06-09 00:00:00
Microsoft Office multiple security vulnerabilities
2010-06-14 00:00:00

EPSS

0.955

Percentile

99.4%

JSON
Related for SSV:19772
checkpoint_advisories2cvelist3cve3prion3nvd3nessus2openvas2securityvulns2