Vulnerabilities > CVE-2008-3020 - Resource Management Errors vulnerability in Microsoft Office, Office Converter Pack and Works
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS08-044.NASL |
| description | The remote host is running a version of some Microsoft Office filters that are subject to various flaws that could allow arbitrary code to be run. An attacker may use these to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it import it with Microsoft Office. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 33873 |
| published | 2008-08-13 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/33873 |
| title | MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) |
Oval
| accepted | 2015-08-10T04:00:59.885-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:5868 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2009-03-16T15:00:00 | ||||||||||||||||||||
| title | Microsoft Malformed BMP Filter Vulnerability | ||||||||||||||||||||
| version | 15 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 30599 CVE(CAN) ID: CVE-2008-3020 Microsoft Office是非常流行的办公软件套件。 Office的BMPIMP32.FLT过滤器模块没有正确处理office文档中的BMP图形,如果BMP图形文件头中指定了大量的颜色的话,则打开该文件就可能触发堆溢出,导致执行任意指令。 Microsoft Office XP SP3 Microsoft Office Converter Pack Microsoft Office 2000 SP3 Microsoft Works 8.0 临时解决方法: * 修改存取控制表以拒绝所有用户对BMP32.FLT的访问 注册表方法 对于Microsoft Windows 2000所有受支持的版本 1. 单击“开始”,单击“运行”,键入regedit.exe,然后单击“确定”。 2. 导航到HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Graphics Filters\Import\BMP 3. 单击“安全”,然后单击“权限”。 4. 记下此对话框中列出的权限,以便以后可以将其还原为初始值。 5. 取消选择“允许可继承的权限从父对象传送到此对象...”并单击“删除”和“确定”。 6. 对话框警告使用当前设置时,任何人都将无法访问此注册表项。出现提示时单 击“是”。 对于Windows XP Service Pack 1或更高版本操作系统的所有受支持版本 1. 单击“开始”,单击“运行”,键入regedit.exe,然后单击“确定”。 2. 导航到HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Graphics Filters\Import\BMP 3. 单击“编辑”,然后单击“权限”。 4. 记下此对话框中列出的权限,以便以后可以将其还原为初始值。 5. 单击“高级”。 6. 取消选择“允许父项的继承权限传播到该对象和所有子对象,包括那些在此明确定义的项目。单击“删除”,然后单击“确定”。 7. 对话框警告使用当前设置时,任何人都将无法访问此注册表项。单击“是”,然后单击“确定”关闭“BMP 的权限”对话框。 脚本方法 对于Windows XP的所有受支持的32位版本,通过命令提示符运行以下命令: cacls "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" /E /P everyone:N 对于Windows XP的所有受支持的基于x64的版本,通过命令提示符运行以下命令: cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" /E /P everyone:N 对于Windows Vista和Windows Server 2008的所有受支持的32位版本,以管理员身份通过命令提示符运行下列命令: takeown /f "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" icacls "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" /save %TEMP%\BMP IMP32 _ACL.TXT icacls "%ProgramFiles%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" /deny everyone:(F) 对于Windows Vista和Windows Server 2008的所有受支持的基于x64的版本,以管理员身份通过命令提示符运行下列命令: takeown /f "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" /save %TEMP%\BMP IMP32 _ACL.TXT icacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\GRPHFLT\BMPIMP32.FLT" /deny everyone:(F) * 不要打开或保存从不受信任来源或从受信任来源意外收到的文档。 厂商补丁: Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-044)以及相应补丁: MS08-044:Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) 链接:<a href=http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx?pf=true</a> |
| id | SSV:3848 |
| last seen | 2017-11-19 |
| modified | 2008-08-15 |
| published | 2008-08-15 |
| reporter | Root |
| title | Microsoft Office BMP输入过滤器堆溢出漏洞(MS08-044) |
References
- http://marc.info/?l=bugtraq&m=121915960406986&w=2
- http://secunia.com/advisories/31336
- http://www.securityfocus.com/bid/30599
- http://www.securitytracker.com/id?1020673
- http://www.us-cert.gov/cas/techalerts/TA08-225A.html
- http://www.vupen.com/english/advisories/2008/2348
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5868