Vulnerability in Microsoft Office
Affected Operating Systems: Windows XP/NT/2K/Me/98/95
Affected Applications: Undefined

A vulnerability has been identified in Microsoft Office that could allow a remote attacker to execute arbitrary code. According to Microsoft security bulletin 932553, this vulnerability is being actively exploited through specially crafted Excel files.

I. Description

Microsoft Office contains a vulnerability in the way that it handles malformed strings. According to Microsoft Security Advisory (932553), this vulnerability is actively being exploited via specially crafted Excel documents. However, other Office applications, such as Word and PowerPoint, are also reported to be affected by this vulnerability and may be used in attacks.

II. Impact

By convincing a user to open a specially crafted Office document, an attacker could execute arbitrary code.

III. Solution

We are currently unaware of a practical solution to this problem. Until a solution is available, the following workarounds may help protect against exploitation:

Do not open untrusted Office documents

Do not open unfamiliar or unexpected Excel or other Office documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

Do not rely on file name extension filtering

In most cases, Windows will call the appropriate Office application to open a document even if the document has an unknown file extension. For example, if document.qwer contains the correct file header information for an Excel document, Windows will open document.qwer with Excel. Filtering for common Office file extensions (e.g., .xls, .doc, and .ppt) will not detect all Office documents.
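
A content-based check for a mail or web gateway, added here as an example and not part of the original advisory: it identifies legacy Office documents by the OLE2 compound file signature instead of the file name, and reports documents carrying an unexpected extension such as document.qwer. The function names and the sample bytes are assumptions made for illustration, and the stream-name scan is a heuristic, not a full parse of the OLE2 directory.

```python
import os

# OLE2 Compound File signature shared by legacy .xls, .doc and .ppt files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
OFFICE_EXTS = {".xls", ".doc", ".ppt"}

# Main stream name per application, stored as UTF-16LE in the OLE2 directory.
# Heuristic byte scan; very old Excel files that use a "Book" stream are
# reported as generic "OLE2".
STREAMS = {
    "Excel": "Workbook",
    "Word": "WordDocument",
    "PowerPoint": "PowerPoint Document",
}

def sniff_office(data: bytes):
    """Return 'Excel', 'Word', 'PowerPoint', 'OLE2' (unknown app) or None."""
    if not data.startswith(OLE2_MAGIC):
        return None
    for app, stream in STREAMS.items():
        if stream.encode("utf-16-le") in data:
            return app
    return "OLE2"

def classify(filename: str, data: bytes) -> str:
    """Decide by content; the extension only tells us if the file is disguised."""
    kind = sniff_office(data)
    if kind is None:
        return "not-office"
    ext = os.path.splitext(filename)[1].lower()
    if ext in OFFICE_EXTS:
        return "office:" + kind
    return "office-disguised:" + kind

def sample_ole2(stream_name: str) -> bytes:
    # Constructed sample: signature, header padding, one directory entry name.
    return OLE2_MAGIC + b"\x00" * 504 + stream_name.encode("utf-16-le")

if __name__ == "__main__":
    attachments = [  # constructed inputs
        ("report.xls", sample_ole2("Workbook")),
        ("document.qwer", sample_ole2("Workbook")),
        ("slides.dat", sample_ole2("PowerPoint Document")),
        ("notes.xls", b"plain text with a misleading name"),
    ]
    for name, blob in attachments:
        print(f"{name:15} {classify(name, blob)}")
```

Anything classified as office-disguised would pass an extension filter yet still be handed to an Office application when opened.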

Disable automatic opening of Microsoft Office documents

By default, Microsoft Office 97 and Microsoft Office 2000 will configure Internet Explorer to automatically open Microsoft Office documents. This feature can be disabled by using the Office Document Open Confirmation Tool. Mozilla Firefox users should disable automatic opening of files, as specified in the Securing Your Web Browser document.

Systems Affected

Vendor                  Status      Date Updated
Microsoft Corporation   Vulnerable  5-Feb-2007

References

http://www.microsoft.com/technet/security/advisory/932553.mspx
http://secunia.com/advisories/24008
