首页 -> 安全研究
安全研究
安全漏洞
Microsoft Excel Drawing Shape超链接宏代码执行漏洞(MS02-031)
发布日期:2002-06-19
更新日期:2002-06-26
受影响系统:
Microsoft Excel 2000描述:
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows ME
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Excel 2002
- Microsoft Windows XP
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows ME
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Office 2000
- Microsoft Windows NT 4.0
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 2000 SP3
Microsoft Office XP
- Microsoft Windows XP
- Microsoft Windows NT 4.0
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 2000 SP3
Microsoft Word 2002
- Microsoft Windows XP
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
BUGTRAQ ID: 5064
CVE(CAN) ID: CVE-2002-0617
Microsoft Excel是Microsoft公司开发的电子表格办公系统软件。
Microsoft Excel在通过超链接Drawing Shape对象打开工作簿时存在漏洞,可导致包含在被打开宏代码绕过宏安全模型检查而执行。
如果工作簿通过在drawing shape对象上的超链接打开时,包含在被打开的工作簿中的宏代码就可以绕过宏安全模型检查而自动执行。
<*来源:dH team
SECURITY.NNOV team
链接:http://www.microsoft.com/technet/security/bulletin/MS02-031.asp
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 不要随意打开不可信的Excel文件。
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS02-031)以及相应补丁:
MS02-031:Cumulative Patches for Excel and Word for Windows (Q324458)
链接:http://www.microsoft.com/technet/security/bulletin/MS02-031.asp
补丁下载:
* Office Product Updates site:
http://office.microsoft.com/productupdates/default.aspx
* Microsoft Excel 2000 for Windows:
o Client Installation:
http://office.microsoft.com/downloads/2000/exc0901.aspx
o Administrative Installation:
http://www.microsoft.com/office/ork/xp/journ/exc0901a.htm
* Microsoft Excel 2002 for Windows:
o Client Installation:
http://office.microsoft.com/downloads/2002/exc1002.aspx
o Administrative Installation:
http://www.microsoft.com/office/ork/xp/journ/exc1002a.htm
* Microsoft Word 2002:
o Client Installation:
http://office.microsoft.com/downloads/2002/wrd1004.aspx
o Administrative Installation:
http://www.microsoft.com/office/ork/xp/journ/wrd1004a.htm
浏览次数:3299
严重程度:0(网友投票)
绿盟科技给您安全的保障