Executive Summary
Summary | |
---|---|
Title | Microsoft Office Web Components Spreadsheet ActiveX control URL parsing stack buffer overflow |
Informations | |||
---|---|---|---|
Name | VU#654577 | First vendor Publication | 2008-03-12 |
Vendor | VU-CERT | Last vendor Modification | 2008-03-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#654577Microsoft Office Web Components Spreadsheet ActiveX control URL parsing stack buffer overflowOverviewThe Microsoft Office Web Components ActiveX controls contain a stack buffer overflow in the processing of URLs, which allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionMicrosoft Office Web Components are ActiveX controls that provide Microsoft Office functionality, such as spreadsheets, tables, and charts. These ActiveX controls are provided by the file MSOWC.DLL. Several of the ActiveX controls provided by MSOWC.DLL are marked Safe for Scripting and Safe for Initialization, which means that they can be controlled by a web page in Internet Explorer. Microsoft Office Web Components are provided by multiple products including
II. ImpactBy convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.III. SolutionApply an updateThis issue is addressed in Microsoft Security Bulletin MS08-017. This update provides a newer version of MSOWC.DLL, sets the kill bit for the vulnerable versions of the Microsoft Office Spreadsheet control, and sets the phoenix bit to retain compatibility with web pages that refer to the old CLSID for the Spreadsheet control.
{0002E511-0000-0000-C000-000000000046}
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0002E510-0000-0000-C000-000000000046}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0002E511-0000-0000-C000-000000000046}] "Compatibility Flags"=dword:00000400 Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the "Securing Your Web Browser" document. Systems Affected
References
This vulnerability was reported by Microsoft, who in turn credit Chris Ries of VigilantMinds and Xiao Hui of NCNIPC. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/654577 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14227 | |||
Oval ID: | oval:org.mitre.oval:def:14227 | ||
Title: | Office Web Components URL Parsing Vulnerability | ||
Description: | Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-4695 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows XP | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2003 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
42711 | Microsoft Office Web Components URL Parsing Arbitrary Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-03-17 | IAVM : 2008-A-0015 - Microsoft Office Web Components Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0015760 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt RuleID : 4177 - Revision : 20 - Type : BROWSER-PLUGINS |
2015-01-06 | Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt RuleID : 32642 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office Web Components remote code execution attempt ActiveX clsid u... RuleID : 13581 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Office Web Components remote code execution attempt ActiveX clsid a... RuleID : 13580 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid unicode access RuleID : 13467 - Revision : 5 - Type : WEB-ACTIVEX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-03-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Office We... File : smb_nt_ms08-017.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-04-15 13:28:38 |
|
2013-05-11 12:26:41 |
|