
Microsoft Internet Explorer plugin.ocx EnableFullPage Input Validation Vulnerability


Published: 2003-05-25
Updated: 2003-05-25
Severity:
Threat level: ordinary user access privileges
Error type: input validation error
Exploitation mode: client-side

BUGTRAQ ID:7491
CVE(CAN) ID:CAN-2003-0115

Affected systems
Microsoft Internet Explorer 5.0.1 SP3                  
Microsoft Internet Explorer 5.0.1 SP2                  
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 2000 Terminal Services          
   -Microsoft Windows 2000 Terminal Services SP1      
   -Microsoft Windows 2000 Terminal Services SP2      
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   -Microsoft Windows NT Enterprise Server 4.0        
   -Microsoft Windows NT Enterprise Server 4.0 SP1    
   -Microsoft Windows NT Enterprise Server 4.0 SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0                    
   -Microsoft Windows NT Server 4.0 SP1                
   -Microsoft Windows NT Server 4.0 SP2                
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Terminal Server 4.0          
   -Microsoft Windows NT Terminal Server 4.0 SP1      
   -Microsoft Windows NT Terminal Server 4.0 SP2      
   -Microsoft Windows NT Terminal Server 4.0 SP3      
   -Microsoft Windows NT Terminal Server 4.0 SP4      
   -Microsoft Windows NT Terminal Server 4.0 SP5      
   -Microsoft Windows NT Terminal Server 4.0 SP6      
   -Microsoft Windows NT Terminal Server 4.0 SP6a      
   -Microsoft Windows NT Workstation 4.0              
   -Microsoft Windows NT Workstation 4.0 SP1          
   -Microsoft Windows NT Workstation 4.0 SP2          
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Microsoft Internet Explorer 5.0.1 SP1                  
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 2000 Terminal Services          
   -Microsoft Windows 2000 Terminal Services SP1      
   -Microsoft Windows 2000 Terminal Services SP2      
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   -Microsoft Windows NT Enterprise Server 4.0        
   -Microsoft Windows NT Enterprise Server 4.0 SP1    
   -Microsoft Windows NT Enterprise Server 4.0 SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0                    
   -Microsoft Windows NT Server 4.0 SP1                
   -Microsoft Windows NT Server 4.0 SP2                
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Terminal Server 4.0          
   -Microsoft Windows NT Terminal Server 4.0 SP1      
   -Microsoft Windows NT Terminal Server 4.0 SP2      
   -Microsoft Windows NT Terminal Server 4.0 SP3      
   -Microsoft Windows NT Terminal Server 4.0 SP4      
   -Microsoft Windows NT Terminal Server 4.0 SP5      
   -Microsoft Windows NT Terminal Server 4.0 SP6      
   -Microsoft Windows NT Terminal Server 4.0 SP6a      
   -Microsoft Windows NT Workstation 4.0              
   -Microsoft Windows NT Workstation 4.0 SP1          
   -Microsoft Windows NT Workstation 4.0 SP2          
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Microsoft Internet Explorer 5.0.1                      
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 2000 Terminal Services          
   -Microsoft Windows 2000 Terminal Services SP1      
   -Microsoft Windows 2000 Terminal Services SP2      
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   -Microsoft Windows 98SE                            
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Terminal Server 4.0 SP3      
   -Microsoft Windows NT Terminal Server 4.0 SP4      
   -Microsoft Windows NT Terminal Server 4.0 SP5      
   -Microsoft Windows NT Terminal Server 4.0 SP6      
   -Microsoft Windows NT Terminal Server 4.0 SP6a      
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Microsoft Internet Explorer 5.5 SP2                    
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 2000 Terminal Services          
   -Microsoft Windows 2000 Terminal Services SP1      
   -Microsoft Windows 2000 Terminal Services SP2      
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   -Microsoft Windows 98SE                            
   -Microsoft Windows ME                              
   -Microsoft Windows NT Enterprise Server 4.0        
   -Microsoft Windows NT Enterprise Server 4.0 SP1    
   -Microsoft Windows NT Enterprise Server 4.0 SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0                    
   -Microsoft Windows NT Server 4.0 SP1                
   -Microsoft Windows NT Server 4.0 SP2                
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Terminal Server 4.0          
   -Microsoft Windows NT Terminal Server 4.0 SP1      
   -Microsoft Windows NT Terminal Server 4.0 SP2      
   -Microsoft Windows NT Terminal Server 4.0 SP3      
   -Microsoft Windows NT Terminal Server 4.0 SP4      
   -Microsoft Windows NT Terminal Server 4.0 SP5      
   -Microsoft Windows NT Terminal Server 4.0 SP6      
   -Microsoft Windows NT Terminal Server 4.0 SP6a      
   -Microsoft Windows NT Workstation 4.0              
   -Microsoft Windows NT Workstation 4.0 SP1          
   -Microsoft Windows NT Workstation 4.0 SP2          
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Microsoft Internet Explorer 5.5 SP1                    
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 2000 Terminal Services          
   -Microsoft Windows 2000 Terminal Services SP1      
   -Microsoft Windows 2000 Terminal Services SP2      
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   -Microsoft Windows NT Enterprise Server 4.0        
   -Microsoft Windows NT Enterprise Server 4.0 SP1    
   -Microsoft Windows NT Enterprise Server 4.0 SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0                    
   -Microsoft Windows NT Server 4.0 SP1                
   -Microsoft Windows NT Server 4.0 SP2                
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Terminal Server 4.0          
   -Microsoft Windows NT Terminal Server 4.0 SP1      
   -Microsoft Windows NT Terminal Server 4.0 SP2      
   -Microsoft Windows NT Terminal Server 4.0 SP3      
   -Microsoft Windows NT Terminal Server 4.0 SP4      
   -Microsoft Windows NT Terminal Server 4.0 SP5      
   -Microsoft Windows NT Terminal Server 4.0 SP6      
   -Microsoft Windows NT Terminal Server 4.0 SP6a      
   -Microsoft Windows NT Workstation 4.0              
   -Microsoft Windows NT Workstation 4.0 SP1          
   -Microsoft Windows NT Workstation 4.0 SP2          
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Microsoft Internet Explorer 5.5                        
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 2000 Terminal Services          
   -Microsoft Windows 2000 Terminal Services SP1      
   -Microsoft Windows 2000 Terminal Services SP2      
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   +Microsoft Windows ME                              
   -Microsoft Windows NT Enterprise Server 4.0        
   -Microsoft Windows NT Enterprise Server 4.0 SP1    
   -Microsoft Windows NT Enterprise Server 4.0 SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0                    
   -Microsoft Windows NT Server 4.0 SP1                
   -Microsoft Windows NT Server 4.0 SP2                
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Terminal Server 4.0          
   -Microsoft Windows NT Terminal Server 4.0 SP1      
   -Microsoft Windows NT Terminal Server 4.0 SP2      
   -Microsoft Windows NT Terminal Server 4.0 SP3      
   -Microsoft Windows NT Terminal Server 4.0 SP4      
   -Microsoft Windows NT Terminal Server 4.0 SP5      
   -Microsoft Windows NT Terminal Server 4.0 SP6      
   -Microsoft Windows NT Terminal Server 4.0 SP6a      
   -Microsoft Windows NT Workstation 4.0              
   -Microsoft Windows NT Workstation 4.0 SP1          
   -Microsoft Windows NT Workstation 4.0 SP2          
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Microsoft Internet Explorer 6.0 SP1                    
Microsoft Internet Explorer 6.0                        
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 2000 Terminal Services          
   -Microsoft Windows 2000 Terminal Services SP1      
   -Microsoft Windows 2000 Terminal Services SP2      
   -Microsoft Windows 98                              
   -Microsoft Windows 98SE                            
   -Microsoft Windows ME                              
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Terminal Server 4.0 SP6a      
   -Microsoft Windows NT Workstation 4.0 SP6a
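Detailed description
In certain configurations, plugin.ocx in Microsoft Internet Explorer has an input validation vulnerability: plugin.ocx does not adequately filter the EnableFullPage parameter, which can be supplied by a third-party file. An attacker can insert arbitrary script code into this parameter, and Internet Explorer will execute that code.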

Solution
The vendor has released a patch that fixes this vulnerability:

Microsoft Internet Explorer 5.0.1 SP3:
     Microsoft Patch Q813489
     http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
     Information regarding downloading and installing cumulative patch Q813489.exe.
Microsoft Internet Explorer 5.5 SP2:
     Microsoft Patch Q813489
     http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
     Information regarding downloading and installing cumulative patch Q813489.exe.
Microsoft Internet Explorer 6.0 SP1:
     Microsoft Patch Q813489
     http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
     Information regarding downloading and installing cumulative patch Q813489.exe.
Microsoft Internet Explorer 6.0:
     Microsoft Patch Q813489
     http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
     Information regarding downloading and installing cumulative patch Q813489.exe.

Related information
Microsoft Security Bulletin MS03-015
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-015.asp