|
|
Microsoft Internet Explorer 文档指示存在缓冲溢出漏洞
发布时间:2002-02-18
更新时间:2002-02-18
严重程度:中
威胁程度:普通用户访问权限
错误类型:边界检查错误
利用方式:客户机模式
BUGTRAQ ID:4080
受影响系统Microsoft Internet Explorer 5.01
+ Microsoft Windows 2000 Terminal Services
+ Microsoft Windows 2000 Workstation
+ Microsoft Windows 2000 Workstation SP1
+ Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
+ Microsoft Windows ME
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.0.1SP2
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.0.1SP1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5SP2
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Terminal Server 4.0
Microsoft Internet Explorer 5.5SP1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0SP6a 详细描述
IE中的HTML指示存在设计缺陷,可导致远程攻击者在客户端系统上执行任意代码。
MSIE支持WEB页上对嵌入文档做指示,其中mshtml.dll存在缓冲溢出可以通过恶意
构建的WEB页面和HTML EMAIL来触发。
测试代码
尚无
解决方案
下载如下升级程序:
Microsoft Internet Explorer 5.01:
Microsoft Internet Explorer 5.0.1SP2:
Microsoft Patch q316059_IE 5.01
http://download.microsoft.com/download/ie501sp2/secpac25/5.01_sp2/NT5/EN-US/q316059.exe
Microsoft Internet Explorer 5.0.1SP1:
Microsoft Internet Explorer 5.5SP2:
Microsoft Patch q316059_IE 5.5SP2
http://download.microsoft.com/download/ie55sp2/secpac25/5.5_sp2/WIN98Me/EN-US/q316059.exe
Microsoft Internet Explorer 5.5SP1:
Microsoft Patch q316059_IE 5.5SP1
http://download.microsoft.com/download/ie55sp1/secpac25/5.5_sp1/WIN98Me/EN-US/q316059.exe
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:
Microsoft Patch q316059_IE6
http://download.microsoft.com/download/IE60/secpac25/6/W98NT42KMeXP/EN-US/q316059.exe
相关信息
参考:http://www.securityfocus.com/archive/1/255965
相关主页:http://www.microsoft.com/technet/security/bulletin/MS02-005.asp
|
