应用安全 - 无文件攻击 - Office漏洞 - 汇总
CVE-2017-0199
Date: 2017-1 类型: 弹窗|内网穿透导致远程代码执行 影响范围: Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2
不受影响:
office2010破解版
(1)插入对象弹框如此类型的
需要关闭防病毒软件 - 或修改配置
(1)
修复:
https://support.microsoft.com/en-us/help/4014793/title
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
