|
|
Adobe PhotoDeluxe Java 可执行漏洞
发布时间:2002-02-18
更新时间:2002-02-18
严重程度:中
威胁程度:普通用户访问权限
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:4106
受影响系统Adobe PhotoDeluxe 3.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0SP1
- Microsoft Windows NT Workstation 4.0SP2
- Microsoft Windows NT Workstation 4.0SP3
- Microsoft Windows NT Workstation 4.0SP4
- Microsoft Windows NT Workstation 4.0SP5
- Microsoft Windows NT Workstation 4.0SP6a
- Microsoft Windows XP Home
Adobe PhotoDeluxe 3.1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0SP1
- Microsoft Windows NT Workstation 4.0SP2
- Microsoft Windows NT Workstation 4.0SP3
- Microsoft Windows NT Workstation 4.0SP4
- Microsoft Windows NT Workstation 4.0SP5
- Microsoft Windows NT Workstation 4.0SP6a
- Microsoft Windows XP Home
Adobe PhotoDeluxe 4.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0SP1
- Microsoft Windows NT Workstation 4.0SP2
- Microsoft Windows NT Workstation 4.0SP3
- Microsoft Windows NT Workstation 4.0SP4
- Microsoft Windows NT Workstation 4.0SP5
- Microsoft Windows NT Workstation 4.0SP6a
- Microsoft Windows XP Home 详细描述
Adobe PhotoDeluxe 是一款图象编辑软件,运行在WINDOWS操作系统平台上。
Adobe PhotoDeluxe 安装一些敏感JAVA代码在公共位置上。
其中之一的Adobe PhotoDeluxe 功能是允许用户从ADOBE站点下载额外的设计组件,
这个功能称为"Connectables",通过安装在用户系统上的JAVA代码来实现,但是
JAVA APPLET安装方式不安全,通过恶意WEB页面和HTML EMAIL可造成攻击者查看
访问用户系统上的敏感信息或执行任意代码。
测试代码
相关测试主页如下所示:
http://java-house.jp/~takagi/java/security/adobe-photodeluxe/
解决方案
配置CLASSPATH变量把Adobe PhotoDeluxe Java 代码排除在外。
相关信息
参考:http://www.kb.cert.org/vuls/id/116875
|
