Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в продуктах Microsoft Office
дополнено с 10 февраля 2010 г.
Опубликовано:12 февраля 2010 г.
Источник:
SecurityVulns ID:10602
Тип:клиент
Уровень опасности:
7/10
Описание:Переполнение буфера при разборе всех форматов Microsoft Office, многочисленные повреждения памяти при разборе PowerPoint.
Затронутые продукты:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
CVE:CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow.")
 CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability.")
 CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability.")
 CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability.")
 CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability.")
 CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability.")
 CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability.")
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability (12.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability (12.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability (12.02.2010)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010)
 documentZDI, ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability (10.02.2010)
 documentZDI, TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability (10.02.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability (10.02.2010)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-003 - Important Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-003 - Important Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
 Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород