MicrosoftWordExcel远程任意代码可执行漏洞

2003年12月23日15:41:23　国家计算机网络入侵防范中心

中心编号：NIPC-2003-0906 　　CVE编号：CAN-2003-0821 　　漏洞级别：高 　　发布日期：2003-12-22 　　更新日期：2003-12-15 　　漏洞类型：输入验证错误,缓冲区溢出 　　攻击类型：远程 　　攻击效果：安全保护 　　受影响系统： 　　Microsoft, Word, 2000 SR1aMicrosoft, Word, 2000 SR1Microsoft, Word, 2000 SP3Microsoft, Word, 2000 SP2Microsoft, Word, 2000Microsoft, Word, 2000 Chinese Version Microsoft, Word, 2000 Japanese Version Microsoft, Word, 2000 Korean Version Microsoft, Word, 2002 SP2Microsoft, Word, 2002 SP1Microsoft, Word, 2002Microsoft, Word, 97 SR2Microsoft, Word, 97 SR1Microsoft, Word, 97 Microsoft, Word, 97 Chinese Version Microsoft, Word, 97 Japanese Version Microsoft, Word, 97 Korean Version Microsoft, Word, 98 Microsoft, Word, 98 Chinese Version Microsoft, Word, 98 Japanese Version Microsoft, Word, 98 Korean Version Microsoft, Word, 98(J) SR2Microsoft, Word, 98(J) SR1Microsoft, Word, 98(J) Microsoft, Works Suite, 2001 Microsoft, Works Suite, 2002 Microsoft, Works Suite, 2003 Microsoft, Works Suite, 2004 　　漏洞描述： Microsoft Excel 97, 2000, 以及 2002 中存在漏洞，通过构建含有恶意的XML(Excel 4)宏的数据表绕过宏的安全模型，远程攻击者可以在系统中执行任意指令。 　　参考资源一： 　　Source: MicrosoftType: Generaland PatchName: Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)http://www.microsoft.com/technet/security/bulletin/ms03-050.asp 　　参考资源二： 　　Source: ISS X-ForceType: Generaland PatchName: Microsoft Excel macro allows attacker to execute codehttp://xforce.iss.net/xforce/xfdb/13681 　　参考资源三： 　　Source: Security FocusType: Generaland PatchName: bid 8835http://www.securityfocus.com/bid/8835