|
|
Microsoft Internet Explorer plugin.ocx Load()方法缓冲区溢出漏洞
发布时间:2003-05-25
更新时间:2003-05-25
严重程度:高
威胁程度:普通用户访问权限
错误类型:边界检查错误
利用方式:客户机模式
BUGTRAQ ID:7420
CVE(CAN) ID:CAN-2003-0233
受影响系统Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Internet Explorer 5.0.1 SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Internet Explorer 5.0.1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Internet Explorer 5.5 SP2
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows ME
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Internet Explorer 5.5 SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Internet Explorer 5.5
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 95
-Microsoft Windows 98
+Microsoft Windows ME
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows ME
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Terminal Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6a 详细描述
Microsoft Internet Explorer plugin.ocx在某些配置环境下存在缓冲区溢出漏洞。程序中的Load()方法可以被提供一个第三方的文件类型,而Load()方法并没有对其进行充分的边界检查,攻击者可以通过提供一个指向第三方文件的恶意的URL导致缓冲区溢出而执行任意指令,进一步的研究发现这是一个plugin.ocx中的堆溢出。
解决方案
厂商已经提供了补丁:
Microsoft Internet Explorer 5.0.1 SP3:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Information regarding downloading and installing cumulative patch Q813489.exe.
Microsoft Internet Explorer 5.5 SP2:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Information regarding downloading and installing cumulative patch Q813489.exe.
Microsoft Internet Explorer 6.0 SP1:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Information regarding downloading and installing cumulative patch Q813489.exe.
Microsoft Internet Explorer 6.0:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489default.asp
Information regarding downloading and installing cumulative patch Q813489.exe.
相关信息
Microsoft Security Bulletin MS03-015
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-015.asp
|
