Internet Explorer Patch Q312461 存在可判断问题

发布时间：2001-11-22
更新时间：2001-11-22
严重程度：中
威胁程度：服务器信息泄露
错误类型：设计错误
利用方式：服务器模式

受影响系统

Microsoft Internet Explorer 5.5SP2
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 98se
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows NT Terminal Server
   - Microsoft Windows NT 3.5.1
   - Microsoft Windows NT 3.5.1SP1
   - Microsoft Windows NT 3.5.1SP2
   - Microsoft Windows NT 3.5.1SP3
   - Microsoft Windows NT 3.5.1SP4
   - Microsoft Windows NT 3.5.1SP5
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
   - Microsoft Windows NT Enterprise Server 4.0
Microsoft Internet Explorer 5.5SP1
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5
   - Microsoft Windows 95
   - Microsoft Windows 98
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0SP1
   - Microsoft Windows NT 4.0SP2
   - Microsoft Windows NT 4.0SP3
   - Microsoft Windows NT 4.0SP4
   - Microsoft Windows NT 4.0SP5
   - Microsoft Windows NT 4.0SP6
   - Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 6.0
   - Microsoft Windows 98
   - Microsoft Windows 98se
   - Microsoft Windows ME
   - Microsoft Windows 2000
   - Microsoft Windows 2000 SP1
   - Microsoft Windows 2000 SP2
   - Microsoft Windows NT 4.0SP6a

详细描述
HTTP_USER_AGENT 变量在WEB浏览器和WEB服务器在每一次WEB页面被请求时
传递，变量包含用户代理端名字和操作系统信息。

Microsoft Internet Explorer patch Q312461 补丁存在一个问题，可以导致
根据HTTP_USER_AGENT 变量判断其是否存在。

这样攻击者就可以搜索根据此变量来判断是否打了补丁并进行响应攻击。

测试代码
尚无

解决方案
下载补丁程序：
Microsoft Internet Explorer 5.5SP2:

Microsoft Hotfix IE5.5 Q312461.exe
http://download.microsoft.com/download/ie55sp2/secpac22/5.5_SP2/WIN98Me/EN-US/q312461.exe

Microsoft Internet Explorer 5.5SP1:
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:

Microsoft Hotfix IE6 Q312461.exe
http://download.microsoft.com/download/IE60/secpac22/6/W98NT42KMeXP/EN-US/q312461.exe

相关信息
KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>
参考：http://www.securityfocus.com/archive/1/240933
http://www.securityfocus.com/bid/3546
http://www.securityfocus.com/3513
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS

最近严重漏洞

Internet Explorer Patch Q312461 存在可判断问题