A security vulnerability has been discovered in the Microsoft Word software package that a remote attacker can exploit to execute arbitrary program code.
Package:
Microsoft Office XP, Microsoft Word 2002
Operating systems:
Microsoft Windows Vista
Problem:
memory corruption, error in a software component
Exploitation:
remote
Impact:
arbitrary code execution
Solution:
no patch available
Original advisory ID:
SA44923
Source:
Secunia
Problem:
The vulnerability results from insufficient pointer validation, which leads to memory corruption.
Impact:
The vulnerability allows an attacker to execute arbitrary program code.
Solution:
Users are advised not to open Office documents from untrusted sources.
Microsoft Word Insufficient Pointer Validation Vulnerability
Secunia Advisory SA44923
Release Date: 2011-06-17
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software:
Microsoft Office XP
Microsoft Word 2002
CVE Reference(s): No CVE references.
Description
Protek Research Lab's has discovered a vulnerability in Microsoft Word that can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a certain value in a document being used as a pointer, which can be exploited to corrupt memory via a specially crafted document.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 10.6866.6870. Other versions may also be affected.
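An added illustration of the flaw class described above, not code from Secunia, Protek Research Lab's or Microsoft: a reader for a hypothetical record layout (not the Word file format) that treats a document-supplied field as an untrusted offset and validates it before any memory access. The layout, function names and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical record layout (NOT the Word binary format):
 *   bytes 0..3  little-endian offset of a 4-byte payload within the file
 * The flaw class: code that trusts such a field and dereferences
 * base + field (or the field itself) without checking it first. */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened read: the field is handled as an untrusted offset and checked
 * against the buffer length before any access.
 * Returns 0 on success, -1 if the document is malformed. */
int read_payload_checked(const uint8_t *doc, size_t len, uint32_t *out)
{
    const size_t hdr = 4, need = 4;
    if (doc == NULL || out == NULL || len < hdr)
        return -1;
    size_t off = rd_le32(doc);
    /* Reject offsets that alias the header or leave fewer than `need`
     * bytes. Testing off > len first means len - off cannot underflow,
     * and avoids computing off + need, which could wrap. */
    if (off < hdr || off > len || len - off < need)
        return -1;
    *out = rd_le32(doc + off);
    return 0;
}

/* Constructed sample documents. */
static const uint8_t good_doc[] = { 0x04, 0, 0, 0, 0x78, 0x56, 0x34, 0x12 };
static const uint8_t bad_doc[]  = { 0xF0, 0xFF, 0xFF, 0xFF, 0x78, 0x56, 0x34, 0x12 };
static const uint8_t edge_doc[] = { 0x05, 0, 0, 0, 0x78, 0x56, 0x34, 0x12 };

int main(void)
{
    uint32_t v = 0;
    int ok = read_payload_checked(good_doc, sizeof good_doc, &v) == 0
          && v == 0x12345678u
          && read_payload_checked(bad_doc, sizeof bad_doc, &v) == -1
          && read_payload_checked(edge_doc, sizeof edge_doc, &v) == -1;
    return ok ? 0 : 1;
}
```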
Solution
Do not open Office files from untrusted sources.
Provided and/or discovered by
Francis Provencher, Protek Research Lab's.
Original Advisory
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=27&Itemid=27