|
|
Microsoft FrontPage Server Extensions SmartHTML存在缓冲区溢出漏洞
发布时间:2002-09-28
更新时间:2002-09-28
严重程度:中
威胁程度:远程拒绝服务
错误类型:边界检查错误
利用方式:客户机模式
BUGTRAQ ID:5804
CVE(CAN) ID:CAN-2002-0692
受影响系统Microsoft FrontPage Server Extensions 2000
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home SP1
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional SP1
Microsoft FrontPage Server Extensions 2002
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional 详细描述
SmartHTML Interpreter (shtml.dll)是FrontPage Server Extensions (FPSE) 和Microsoft SharePoint Team Services中附带的程序,提供对WEB表单支持和其他基于Frontpage的动态内容。
这个DLL存在缺陷当处理特殊类型WEB文件请求时,如果请求包含部分特殊字符,可导致DLL解析器进入无限循环消耗大量CPU,需要重新启动WEB服务才能获得正常功能。在FrontPage Server Extensions 2002和SharePoint Team Services 2002上,相同类型的请求可导致缓冲溢出,存在执行任意代码可能。
测试代码
无
解决方案
补丁下载:
Microsoft FrontPage Server Extensions 2002 for all platforms http://download.microsoft.com/download/FrontPage2002/fpse1002/1/W98NT42KMeXP/EN-US/fpse1002.exe
SharePoint Team Services 2002我们建议采用Office XP SP-2. 如果有原因不能采用Office XP SP2,我们建议使用上面的FrontPage Server Extensions 2002补丁。
Microsoft FrontPage Server Extension 2000 for NT4 http://download.microsoft.com/download/fp2000fd2000/Patch/1/W9XNT4Me/EN-US/fpse0901.exe
Microsoft FrontPage Server Extensions 2000 for Windows XP
http://www.microsoft.com/downloads/release.asp?ReleaseID=42995
Windows Update
Microsoft FrontPage Server Extensions 2000 for Windows 2000
http://www.microsoft.com/downloads/release.asp?ReleaseID=42954
Windows Update
相关信息
参考:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-053.asp
|
