Technical Cyber Security Alert TA06-139A

转载 2006年05月24日 13:30:00
Technical Cyber Security Alert TA06-139A archive

Microsoft Word Vulnerability

Original release date: May 19, 2006
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Word 2003 Microsoft Word XP (2002)

Microsoft Word is included in Microsoft Works Suite and Microsoft Office. Other versions of Word, and other Office programs may be affected or act as attack vectors.


A buffer overflow vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system.

I. Description

Microsoft Word contains a buffer overflow vulnerability. Opening a specially crafted Word document, including documents hosted on web sites or attached to email messages, could trigger the vulnerability.

Office documents can contain embedded objects. For example, a malicious Word document could be embedded in an Excel or PowerPoint document. Office documents other than Word documents could be used as attack vectors.

For more information, please see Vulnerability Note VU#446012.

II. Impact

By convincing a user to open a specially crafted Word document, an attacker could execute arbitrary code on a vulnerable system. If the user has administrative privileges, the attacker could gain complete control of the system.

III. Solution

At the time of writing, there is no complete solution available. Consider the following workarounds:

Do not open untrusted Word documents

Do not open unfamiliar or unexpected Word or other Office documents, including those received as email attachments or hosted on a web site. Please see Cyber Security Tip ST04-010 for more information.

Do not rely on file extension filtering

In most cases, Windows will call Word to open a document even if the document has an unknown file extension. For example, if document.d0c (note the digit "0") contains the correct file header information, Windows will open document.d0c with Word.

Appendix A. References

Information used in this document came from SANS and Microsoft.

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

May 19, 2006: Initial release

Cyber security和Network security的区别

主要是关于network security 和cyber security的区别。
  • weixin_37529489
  • weixin_37529489
  • 2017年10月10日 14:30
  • 571

ESET Cyber​​ Security Pro for Mac(杀毒软件)附激活码 v6.5.600.1破解版

ESET Cyber​​ Security Pro for Mac(杀毒软件)附激活码 v6.5.600.1破解版,详见博客:http://003e5258-ab01-4b8c-83e6-a78718...
  • zhangzhihong8001
  • zhangzhihong8001
  • 2017年12月29日 11:12
  • 93

nist cybersecurity framework
  • cnbird2008
  • cnbird2008
  • 2015年07月03日 22:15
  • 630

myeclipse security alert integrity check error 解决

  • gff1686
  • gff1686
  • 2017年03月17日 21:59
  • 3378


到myeclipse 安装目录下的plugs下的 com.genuitec.eclipse.core_13.0.2.me201508121459.jar. XXXXXX  包名字错了。他应该是后面加了...
  • huanglei1234567890
  • huanglei1234567890
  • 2015年12月11日 18:57
  • 6032

MyEclipse 2016 CI出现SECURITY ALERT问题解决方案

最近在安装完MyEclipse 2016 CI破解版本后,用网上的工具cracker.jar进行破解成功后,如下图: 但是过了一会就会提示安全警告SECURITY ALERT:INTEGRITY C...
  • dc765940174
  • dc765940174
  • 2017年04月07日 15:08
  • 11756

myeclipse10破解后,导出war包时报“SECURITY ALERT: INTEGERITY CHECK ERROR”进行了破解

对于myeclipse10破解后,导出war包时报“SECURITY ALERT: INTEGERITY CHECK ERROR”进行了破解。 破解方法:1)在目录MyEclipse/Common/p...
  • cuiyaoqiang
  • cuiyaoqiang
  • 2016年05月20日 08:59
  • 3393

myeclipse10.7破解,解决导出war包时报“SECURITY ALERT: INTEGERITY CHECK ERROR”

一、操作系统的环境是win7,64bit和32bit的操作系统我试过都OK 按照网上一些Crack破解程序步骤操作就可以完成破解过程, 也可以到我的CSDN资源里下载文件包 myeclipse10.7...
  • dingmao6790229
  • dingmao6790229
  • 2015年03月20日 11:57
  • 9717

myeclise 2016 CI security alert:integrity check error

今天电脑开机一直出现 security alert:integrity check error...........提示,然后自动关闭。以前也有过,不过重启一次就好了,今天一直来。于是必须得解决。 ...
  • ypp91zr
  • ypp91zr
  • 2017年08月21日 09:50
  • 815

security alert:integrity check error MyEclipse10.5 &10.6导War包出错,解决办法

  • The_Thinnest
  • The_Thinnest
  • 2017年03月09日 13:44
  • 741
您举报文章:Technical Cyber Security Alert TA06-139A