NSFOCUS Security Advisory (SA2010-02)
Microsoft Visual Basic for Applications Text Parsing Stack Buffer Overflow Vulnerability
Release Date: 2010-05-12
CVE ID: CVE-2010-0815
http://www.nsfocus.com/en/advisories/1002.html
Affected system:
==============
Microsoft Office XP SP3
Microsoft Office 2007 SP2
Microsoft Office 2007 SP1
Microsoft Office 2003 Service Pack 3
Microsoft Visual Basic for Applications SDK 6.0

Impact:
======
NSFOCUS Security Team discovered a vulnerability in Microsoft Visual Basic for Applications (VBA). A carefully crafted Office file might lead to memory corruption, resulting in program crash or even code execution.

Description:
==========
Microsoft VBA is a development technology for developing client desktop packaged applications and integrating them with existing data and systems. MS Office products including Word, PowerPoint and Excel use VBA.
When searching for ActiveX controls in documents that support VBA (for example, an Office document), the VBE6.dll used by VBA contains a single-byte buffer overflow in the parsing of .txt files. When the application opens a carefully crafted file and passes it to the VBA runtime, if the embedded object's version information does not include any minor version number, a single byte equal to 0x2E that lies outside the buffer bound will be converted to 0x00. Successful exploitation of the vulnerability allows attackers to gain complete control over the affected system.
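
The following added example is a simplified model of this class of bug, not code from VBE6.dll or from the advisory: it assumes the 0x2E ('.') byte is found by a separator search that is not limited to the version field. The record layout, sizes, sample values and function names are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8    /* constructed size of the version field */
#define REC_LEN   16   /* version field followed by 8 bytes of unrelated data */

static size_t min_len(const char *s, size_t cap) {
    size_t n = strlen(s);
    return n < cap ? n : cap;
}

/* Fill a record: fixed-width version field (not NUL-terminated when full),
 * then adjacent data. The last byte of the record always stays NUL. */
static void build_record(char rec[REC_LEN], const char *version, const char *adjacent) {
    memset(rec, 0, REC_LEN);
    memcpy(rec, version, min_len(version, FIELD_LEN));
    memcpy(rec + FIELD_LEN, adjacent, min_len(adjacent, REC_LEN - FIELD_LEN - 1));
}

/* Vulnerable model: the '.' search stops only at a NUL, not at the field end.
 * Returns the offset of the byte set to 0x00, or -1 if no '.' was found. */
static int split_unbounded(char *rec) {
    char *dot = strchr(rec, '.');
    if (dot == NULL) return -1;
    *dot = '\0';                 /* may land outside the version field */
    return (int)(dot - rec);
}

/* Hardened form: the search never leaves the field, so a missing minor
 * version is reported to the caller instead of being "found" further along. */
static int split_bounded(char *rec) {
    char *dot = memchr(rec, '.', FIELD_LEN);
    if (dot == NULL) return -1;
    *dot = '\0';
    return (int)(dot - rec);
}

int main(void) {
    char rec[REC_LEN];
    build_record(rec, "00000006", "ab.cdef");   /* constructed: no minor version */
    printf("unbounded wrote 0x00 at offset %d\n", split_unbounded(rec));
    build_record(rec, "00000006", "ab.cdef");
    printf("bounded returned %d\n", split_bounded(rec));
    return 0;
}
```

In the model, the unbounded search overwrites a byte at an offset greater than or equal to FIELD_LEN, which is the single-byte out-of-bounds write; the bounded search leaves the adjacent data untouched.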

Workaround:
===========
* Disable ActiveX controls in the 2007 Microsoft Office System
* Restrict access to VBE6.dll
For Microsoft Windows 2000, Windows XP, and Windows Server 2003, enter the following at a command prompt:

    cacls "C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll" /E /P everyone:N

For Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, enter the following at an elevated command prompt:

    takeown /f "C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll"
    icacls "C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll" /save %TEMP%\VBE6_ACL.TXT
    icacls "C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\vbe6.dll" /deny everyone:(F)

* Use the Microsoft Office Isolated Conversion Environment (MOICE) when opening files from unknown or untrusted sources

Vendor Status:
============
The vulnerability has been fixed in MS10-031. For more details, please refer to the following Microsoft Security Bulletin:
http://www.microsoft.com/china/technet/security/bulletin/MS10-031.mspx

Additional Information:
==================
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2010-0815 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Candidates may change significantly before they become official CVE entries.

Credit:
=====
This vulnerability was discovered by Yu Yang of NSFOCUS Security Team.
DISCLAIMS:
THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL NSFOCUS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY.
© 2010 NSFOCUS.
NSFOCUS Security Team <security@nsfocus.com>
NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
(http://www.nsfocus.com)
PGP Key: http://www.nsfocus.com/homepage/research/pgpkey.asc
Key fingerprint = F8F2 F5D1 EF74 E08C 02FE 1B90 D7BF 7877 C6A6 F6DA