MS hhopen OLE控制存在缓冲溢出发布时间:1999-09-29 更新时间:2000-09-29 严重程度:高 威胁程度:本地管理员权限 错误类型:输入验证错误 利用方式:服务器模式 受影响系统 WinNT详细描述 IEF随带的hhopen OLE控件(hhopen.ocx)中存在一个缓冲溢出漏洞,这个控件中被标明为'Safe for Scripting'.可被恶意者利用此控件来执行两进制代码 测试代码 HHOPEN: This control is a little more difficult to exploit, as the RET address is in the middle of the string, and once again there is no easy way to RET to our code, so I have RET'd to ExitProcess directly instead. In this case, OpenHelp is the vulnerable method, and the exploit is possible when the method is called with a valid help file, and a long Help Section 解决方案 下载补丁: Internet Explorer 4.01 for Intel: ftp://ftp.microsoft.com/peropsys/ie/ie- public/fixes/usa/IE401/ImportExportFavorites- fix/x86/q241361.exe - Internet Explorer 4.01 for Alpha: ftp://ftp.microsoft.com/peropsys/ie/ie- public/fixes/usa/IE401/ImportExportFavorites- fix/Alpha/q241361.exe - Internet Explorer 5 for Intel: ftp://ftp.microsoft.com/peropsys/ie/ie- public/fixes/usa/IE50/ImportExportFavorites- fix/x86/q241361.exe - Internet Explorer 5 for Alpha: ftp://ftp.microsoft.com/peropsys/ie/ie- public/fixes/usa/IE50/ImportExportFavorites- fix/Alpha/q241361.exe 相关信息 |
