Korean
<< Back
VID 26334
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The hotfix (MS08-016, 949030) for 'Remote Code Execution Vulnerabilities in Microsoft Office' has not been applied. Microsoft Office could allow a remote attacker to execute arbitrary code on the affected system, caused by improper handling of a malformed objects within Office files. By constructing a specially-crafted Office file, a remote attacker could potentially execute arbitrary code if a user visited a Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx
http://www.us-cert.gov/cas/techalerts/TA08-071A.html
http://www.frsirt.com/english/advisories/2008/0848
http://www.securitytracker.com/id?1019578
http://secunia.com/advisories/29321

* Platforms Affected:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP2
Microsoft Excel Viewer 2003 SP3
Microsoft Office 2004 for MacIntosh
Microsoft Windows Any version
Recommendation Apply the appropriate patch (949030) for your system, as listed in Microsoft Security Bulletin MS08-016 at http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx

-- OR --

Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch.
Related URL CVE-2008-0103 (CVE)
Related URL 27738 (SecurityFocus)
Related URL 40066,40078 (ISS)