Again, thanks to Malware Tracker keeping exploit timeline for Microsoft products (MS Office, HTML help, Windows thumbnail), these are the patches you need to have installed for protection or should not *not* have if you want successful sandbox testing of these exploits.
Some of these like Flash were also used as Web exploits. The table below includes only exploits used in documents.
There are too many Flash exploits to list with the links, however, the two lists below allow very easy correlation
| Release | CVE ID | Description | Exploit | Patch | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 2011-04-11 | CVE-2011-0611 
DOC, XLS  | 
Safe with Adobe Flash v. 10.2.159.1DOWNLOAD Adobe Flash embedded in Microsoft Word or Excel. ----------------------------------------------- | Adobe Flash zeroday. See the Adobe advisory for more information. | 2011-04-15 Flash 10.2.159.1 | ||||||
| 2011-03-14 | CVE-2011-0609 DOC, XLS | Safe with Adobe Flash v. 10.2.153.1 DOWNLOAD Adobe Flash embedded in Microsoft Excel (also affects PDF). Used in RSA compromise. ----------------------------------------------- | Adobe Flash zeroday, 1-byte fuzzing. See the Adobe advisory for more information. | 2011-03-21 Flash 10.2.152.33 | ||||||
| 2010-11-09 | CVE-2010-3333 DOC (RTF) | Safe with the following patches (click on the one you need to download) 
 ----------------------------------------------- | Microsoft Office/Word RTF exploit Advisory 2423930 | 2010-11-09 MS10-087 | ||||||
| 2011-01-04 | CVE-2010-3970 DOC | Safe with Windows patch KB2483185 see other OS on Windows Update site 
 ----------------------------------------------- Safe with the following patches | Microsoft Windows thumbnail Advisory 2490606 | 2011-02-08 MS11-006 | ||||||
| 2009-11-10 | CVE-2009-3129 XLS | 
 --------------------------------------------- | Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution Advisory 972652 | 2009-11-10 MS09-067 | ||||||
| 2009-06-09 | CVE-2009-0557 XLS | Safe with the following patches 
 --------------------------------------------- | malformed record object Advisory 969462 | 2009-06-09 MS09-021 | ||||||
| 2009-04-02 | CVE-2009-0556 PPT | Safe with the following patches 
 --------------------------------------------- Safe with the following patches | Microsoft Powerpoint Boundary Condition Error Advisory 969136 | 2009-05-12 MS09-017 | ||||||
| 2008-12-09 | CVE-2008-4841 DOC | 
 Safe with the following patches | malformed list Advisory 960906 | 2009-04-14 MS09-010 | ||||||
| 2008-08-12 | CVE-2008-3005 XLS | 
 ------------------------------------------- Safe with the following patches | array index Advisory 954066 | 2008-08-12 MS08-043 | ||||||
| 2008-01-15 | CVE-2008-0081 XLS | 
 --------------------------------------------- Safe with the following patches | Input Validation Error Advisory 947563 | 2008-03-08 MS08-014 | ||||||
| 2007-02-13 | CVE-2006-6456 DOC | 
 ------------------------------------------------- | Microsoft Word Advisory 929434 | 2007-02-13 MS07-014 | ||||||
| 2006-07-11 | CVE-2006-2389 Office documents | Safe with the following patches Office 2003 SP1 SP2 - Download the update (KB917151) Office XP SP3 - Download the update (KB917150) Office 2000 SP3 - Download the update (KB917152) Microsoft Office document parsing vulnerability. ------------------------------------------------- Safe with the following patches | >Microsoft Office Advisory 917284 | 2006-07-11 MS06-038 | ||||||
| 2005-05-10 | CVE-2006-2492 DOC | 
 Pointer vulnerability. ----------------------------------------------- | malformed object pointer Advisory 919637 | 2005-06-13 MS06-027 | ||||||
| 1997 | Design Flaw | Microsoft Compiled HTML Help can contain and run executables. | .CHM files run from local zone | 
 

interesting blog
ReplyDelete