Security vulnerability in the MS IE Registration Wizard

Published: 1999-09-29
Updated: 1999-09-29
Severity: High
Threat level: Local administrator privileges
Error type: Input validation error
Exploitation method: Server mode

Affected systems

WinNT

Description

The Internet Explorer Registration Wizard (regwizc.dll) contains a buffer overflow. The control is marked 'Safe for Scripting', so a malicious party can use it to execute binary code.

Test code

REGWIZC

The Registration Wizard control used by Microsoft to register MS products also contains a buffer overrun in the 'InvokeRegWizard' method. When called with a long string, pre-pended with '/i', we can gain control of the RET address and exploit the control in a similar manner as the PDF control. This exploit will cause a 'Regwiz.log' file to be created in the temporary directory, and once again will execute CALC.EXE and terminate the host.

<object classid="clsid:50E5E3D1-C07E-11D0-B9FD-00A0249F6B00" id="RegWizObj"></object>

Solution

Download the patch:

- Internet Explorer 4.01 for Intel: ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE401/ImportExportFavorites-fix/x86/q241361.exe
- Internet Explorer 4.01 for Alpha: ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE401/ImportExportFavorites-fix/Alpha/q241361.exe
- Internet Explorer 5 for Intel: ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE50/ImportExportFavorites-fix/x86/q241361.exe
- Internet Explorer 5 for Alpha: ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE50/ImportExportFavorites-fix/Alpha/q241361.exe
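
For hosts that cannot be patched immediately, stored or proxied HTML can be checked for pages that load this control. The following is an added example, not part of the original advisory: it flags documents that embed the CLSID quoted above or reference the 'InvokeRegWizard' method. The function name, finding labels and sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and method name exactly as given in the advisory.
REGWIZ_CLSID = "50E5E3D1-C07E-11D0-B9FD-00A0249F6B00"
METHOD_CALL = re.compile(r"\bInvokeRegWizard\b", re.IGNORECASE)


class ObjectTagScanner(HTMLParser):
    """Notes whether any <object> element loads the Registration Wizard control."""

    def __init__(self):
        super().__init__()
        self.embeds_control = False

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, but not values.
        if tag != "object":
            return
        attr = {name: (value or "") for name, value in attrs}
        # Normalise braces, case and stray whitespace before comparing.
        classid = re.sub(r"[\s{}]", "", attr.get("classid", "")).upper()
        if classid == "CLSID:" + REGWIZ_CLSID:
            self.embeds_control = True


def scan_html(html):
    """Return a sorted list of findings (hypothetical labels) for one document."""
    scanner = ObjectTagScanner()
    scanner.feed(html)
    findings = set()
    if scanner.embeds_control:
        findings.add("embeds-regwiz-control")
    # Script bodies are matched as raw text; VBScript is case-insensitive.
    if METHOD_CALL.search(html):
        findings.add("references-InvokeRegWizard")
    return sorted(findings)


# Constructed sample pages (no payload), for demonstration only.
SAMPLE_SUSPECT = """<html><body>
<OBJECT CLASSID="clsid:50e5e3d1-c07e-11d0-b9fd-00a0249f6b00" ID="RegWizObj"></OBJECT>
<script language="VBScript">RegWizObj.InvokeRegWizard(arg)</script>
</body></html>"""
SAMPLE_BENIGN = "<html><body><object data='movie.swf'></object></body></html>"

if __name__ == "__main__":
    for name, page in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, scan_html(page))
```

A hit means only that the page touches the control; whether the call is abusive depends on the argument passed at run time, which static matching cannot see.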