
Microsoft Internet Explorer Zone Restriction Bypass Vulnerability


Published: 2003-08-20
Updated: 2003-08-26
Severity:
Threat level: normal user access privileges
Error type: design error
Exploitation mode: client-side

BUGTRAQ ID: 8457
CVE(CAN) ID: CAN-2003-0531

Affected systems
Microsoft Internet Explorer 5.0.1 SP3                        
Microsoft Internet Explorer 5.0.1 SP2                        
   -Microsoft Windows 2000 Advanced Server                  
   -Microsoft Windows 2000 Advanced Server SP1              
   -Microsoft Windows 2000 Advanced Server SP2              
   -Microsoft Windows 2000 Datacenter Server                
   -Microsoft Windows 2000 Datacenter Server SP1            
   -Microsoft Windows 2000 Datacenter Server SP2            
   -Microsoft Windows 2000 Professional                      
   -Microsoft Windows 2000 Professional SP1                  
   -Microsoft Windows 2000 Professional SP2                  
   -Microsoft Windows 2000 Server                            
   -Microsoft Windows 2000 Server SP1                        
   -Microsoft Windows 2000 Server SP2                        
   -Microsoft Windows 2000 Terminal Services                
   -Microsoft Windows 2000 Terminal Services SP1            
   -Microsoft Windows 2000 Terminal Services SP2            
   -Microsoft Windows 95                                    
   -Microsoft Windows 98                                    
   -Microsoft Windows NT Enterprise Server 4.0              
   -Microsoft Windows NT Enterprise Server 4.0 SP1          
   -Microsoft Windows NT Enterprise Server 4.0 SP2          
   -Microsoft Windows NT Enterprise Server 4.0 SP3          
   -Microsoft Windows NT Enterprise Server 4.0 SP4          
   -Microsoft Windows NT Enterprise Server 4.0 SP5          
   -Microsoft Windows NT Enterprise Server 4.0 SP6          
   -Microsoft Windows NT Enterprise Server 4.0 SP6a          
   -Microsoft Windows NT Server 4.0                          
   -Microsoft Windows NT Server 4.0 SP1                      
   -Microsoft Windows NT Server 4.0 SP2                      
   -Microsoft Windows NT Server 4.0 SP3                      
   -Microsoft Windows NT Server 4.0 SP4                      
   -Microsoft Windows NT Server 4.0 SP5                      
   -Microsoft Windows NT Server 4.0 SP6                      
   -Microsoft Windows NT Server 4.0 SP6a                    
   -Microsoft Windows NT Terminal Server 4.0                
   -Microsoft Windows NT Terminal Server 4.0 SP1            
   -Microsoft Windows NT Terminal Server 4.0 SP2            
   -Microsoft Windows NT Terminal Server 4.0 SP3            
   -Microsoft Windows NT Terminal Server 4.0 SP4            
   -Microsoft Windows NT Terminal Server 4.0 SP5            
   -Microsoft Windows NT Terminal Server 4.0 SP6            
   -Microsoft Windows NT Terminal Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0                    
   -Microsoft Windows NT Workstation 4.0 SP1                
   -Microsoft Windows NT Workstation 4.0 SP2                
   -Microsoft Windows NT Workstation 4.0 SP3                
   -Microsoft Windows NT Workstation 4.0 SP4                
   -Microsoft Windows NT Workstation 4.0 SP5                
   -Microsoft Windows NT Workstation 4.0 SP6                
   -Microsoft Windows NT Workstation 4.0 SP6a                
Microsoft Internet Explorer 5.0.1 SP1                        
   -Microsoft Windows 2000 Advanced Server                  
   -Microsoft Windows 2000 Advanced Server SP1              
   -Microsoft Windows 2000 Advanced Server SP2              
   -Microsoft Windows 2000 Datacenter Server                
   -Microsoft Windows 2000 Datacenter Server SP1            
   -Microsoft Windows 2000 Datacenter Server SP2            
   -Microsoft Windows 2000 Professional                      
   -Microsoft Windows 2000 Professional SP1                  
   -Microsoft Windows 2000 Professional SP2                  
   -Microsoft Windows 2000 Server                            
   -Microsoft Windows 2000 Server SP1                        
   -Microsoft Windows 2000 Server SP2                        
   -Microsoft Windows 2000 Terminal Services                
   -Microsoft Windows 2000 Terminal Services SP1            
   -Microsoft Windows 2000 Terminal Services SP2            
   -Microsoft Windows 95                                    
   -Microsoft Windows 98                                    
   -Microsoft Windows NT Enterprise Server 4.0              
   -Microsoft Windows NT Enterprise Server 4.0 SP1          
   -Microsoft Windows NT Enterprise Server 4.0 SP2          
   -Microsoft Windows NT Enterprise Server 4.0 SP3          
   -Microsoft Windows NT Enterprise Server 4.0 SP4          
   -Microsoft Windows NT Enterprise Server 4.0 SP5          
   -Microsoft Windows NT Enterprise Server 4.0 SP6          
   -Microsoft Windows NT Enterprise Server 4.0 SP6a          
   -Microsoft Windows NT Server 4.0                          
   -Microsoft Windows NT Server 4.0 SP1                      
   -Microsoft Windows NT Server 4.0 SP2                      
   -Microsoft Windows NT Server 4.0 SP3                      
   -Microsoft Windows NT Server 4.0 SP4                      
   -Microsoft Windows NT Server 4.0 SP5                      
   -Microsoft Windows NT Server 4.0 SP6                      
   -Microsoft Windows NT Server 4.0 SP6a                    
   -Microsoft Windows NT Terminal Server 4.0                
   -Microsoft Windows NT Terminal Server 4.0 SP1            
   -Microsoft Windows NT Terminal Server 4.0 SP2            
   -Microsoft Windows NT Terminal Server 4.0 SP3            
   -Microsoft Windows NT Terminal Server 4.0 SP4            
   -Microsoft Windows NT Terminal Server 4.0 SP5            
   -Microsoft Windows NT Terminal Server 4.0 SP6            
   -Microsoft Windows NT Terminal Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0                    
   -Microsoft Windows NT Workstation 4.0 SP1                
   -Microsoft Windows NT Workstation 4.0 SP2                
   -Microsoft Windows NT Workstation 4.0 SP3                
   -Microsoft Windows NT Workstation 4.0 SP4                
   -Microsoft Windows NT Workstation 4.0 SP5                
   -Microsoft Windows NT Workstation 4.0 SP6                
   -Microsoft Windows NT Workstation 4.0 SP6a                
Microsoft Internet Explorer 5.0.1                            
   -Microsoft Windows 2000 Advanced Server                  
   -Microsoft Windows 2000 Advanced Server SP1              
   -Microsoft Windows 2000 Advanced Server SP2              
   -Microsoft Windows 2000 Datacenter Server                
   -Microsoft Windows 2000 Datacenter Server SP1            
   -Microsoft Windows 2000 Datacenter Server SP2            
   -Microsoft Windows 2000 Professional                      
   -Microsoft Windows 2000 Professional SP1                  
   -Microsoft Windows 2000 Professional SP2                  
   -Microsoft Windows 2000 Server                            
   -Microsoft Windows 2000 Server SP1                        
   -Microsoft Windows 2000 Server SP2                        
   -Microsoft Windows 2000 Terminal Services                
   -Microsoft Windows 2000 Terminal Services SP1            
   -Microsoft Windows 2000 Terminal Services SP2            
   -Microsoft Windows 95                                    
   -Microsoft Windows 98                                    
   -Microsoft Windows 98SE                                  
   -Microsoft Windows NT Enterprise Server 4.0 SP3          
   -Microsoft Windows NT Enterprise Server 4.0 SP4          
   -Microsoft Windows NT Enterprise Server 4.0 SP5          
   -Microsoft Windows NT Enterprise Server 4.0 SP6          
   -Microsoft Windows NT Enterprise Server 4.0 SP6a          
   -Microsoft Windows NT Server 4.0 SP3                      
   -Microsoft Windows NT Server 4.0 SP4                      
   -Microsoft Windows NT Server 4.0 SP5                      
   -Microsoft Windows NT Server 4.0 SP6                      
   -Microsoft Windows NT Server 4.0 SP6a                    
   -Microsoft Windows NT Terminal Server 4.0 SP3            
   -Microsoft Windows NT Terminal Server 4.0 SP4            
   -Microsoft Windows NT Terminal Server 4.0 SP5            
   -Microsoft Windows NT Terminal Server 4.0 SP6            
   -Microsoft Windows NT Terminal Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0 SP3                
   -Microsoft Windows NT Workstation 4.0 SP4                
   -Microsoft Windows NT Workstation 4.0 SP5                
   -Microsoft Windows NT Workstation 4.0 SP6                
   -Microsoft Windows NT Workstation 4.0 SP6a                
Microsoft Internet Explorer 5.5 SP2                          
   -Microsoft Windows 2000 Advanced Server                  
   -Microsoft Windows 2000 Advanced Server SP1              
   -Microsoft Windows 2000 Advanced Server SP2              
   -Microsoft Windows 2000 Datacenter Server                
   -Microsoft Windows 2000 Datacenter Server SP1            
   -Microsoft Windows 2000 Datacenter Server SP2            
   -Microsoft Windows 2000 Professional                      
   -Microsoft Windows 2000 Professional SP1                  
   -Microsoft Windows 2000 Professional SP2                  
   -Microsoft Windows 2000 Server                            
   -Microsoft Windows 2000 Server SP1                        
   -Microsoft Windows 2000 Server SP2                        
   -Microsoft Windows 2000 Terminal Services                
   -Microsoft Windows 2000 Terminal Services SP1            
   -Microsoft Windows 2000 Terminal Services SP2            
   -Microsoft Windows 95                                    
   -Microsoft Windows 98                                    
   -Microsoft Windows 98SE                                  
   -Microsoft Windows ME                                    
   -Microsoft Windows NT Enterprise Server 4.0              
   -Microsoft Windows NT Enterprise Server 4.0 SP1          
   -Microsoft Windows NT Enterprise Server 4.0 SP2          
   -Microsoft Windows NT Enterprise Server 4.0 SP3          
   -Microsoft Windows NT Enterprise Server 4.0 SP4          
   -Microsoft Windows NT Enterprise Server 4.0 SP5          
   -Microsoft Windows NT Enterprise Server 4.0 SP6          
   -Microsoft Windows NT Enterprise Server 4.0 SP6a          
   -Microsoft Windows NT Server 4.0                          
   -Microsoft Windows NT Server 4.0 SP1                      
   -Microsoft Windows NT Server 4.0 SP2                      
   -Microsoft Windows NT Server 4.0 SP3                      
   -Microsoft Windows NT Server 4.0 SP4                      
   -Microsoft Windows NT Server 4.0 SP5                      
   -Microsoft Windows NT Server 4.0 SP6                      
   -Microsoft Windows NT Server 4.0 SP6a                    
   -Microsoft Windows NT Terminal Server 4.0                
   -Microsoft Windows NT Terminal Server 4.0 SP1            
   -Microsoft Windows NT Terminal Server 4.0 SP2            
   -Microsoft Windows NT Terminal Server 4.0 SP3            
   -Microsoft Windows NT Terminal Server 4.0 SP4            
   -Microsoft Windows NT Terminal Server 4.0 SP5            
   -Microsoft Windows NT Terminal Server 4.0 SP6            
   -Microsoft Windows NT Terminal Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0                    
   -Microsoft Windows NT Workstation 4.0 SP1                
   -Microsoft Windows NT Workstation 4.0 SP2                
   -Microsoft Windows NT Workstation 4.0 SP3                
   -Microsoft Windows NT Workstation 4.0 SP4                
   -Microsoft Windows NT Workstation 4.0 SP5                
   -Microsoft Windows NT Workstation 4.0 SP6                
   -Microsoft Windows NT Workstation 4.0 SP6a                
Microsoft Internet Explorer 5.5 SP1                          
   -Microsoft Windows 2000 Advanced Server                  
   -Microsoft Windows 2000 Advanced Server SP1              
   -Microsoft Windows 2000 Advanced Server SP2              
   -Microsoft Windows 2000 Datacenter Server                
   -Microsoft Windows 2000 Datacenter Server SP1            
   -Microsoft Windows 2000 Datacenter Server SP2            
   -Microsoft Windows 2000 Professional                      
   -Microsoft Windows 2000 Professional SP1                  
   -Microsoft Windows 2000 Professional SP2                  
   -Microsoft Windows 2000 Server                            
   -Microsoft Windows 2000 Server SP1                        
   -Microsoft Windows 2000 Server SP2                        
   -Microsoft Windows 2000 Terminal Services                
   -Microsoft Windows 2000 Terminal Services SP1            
   -Microsoft Windows 2000 Terminal Services SP2            
   -Microsoft Windows 95                                    
   -Microsoft Windows 98                                    
   -Microsoft Windows NT Enterprise Server 4.0              
   -Microsoft Windows NT Enterprise Server 4.0 SP1          
   -Microsoft Windows NT Enterprise Server 4.0 SP2          
   -Microsoft Windows NT Enterprise Server 4.0 SP3          
   -Microsoft Windows NT Enterprise Server 4.0 SP4          
   -Microsoft Windows NT Enterprise Server 4.0 SP5          
   -Microsoft Windows NT Enterprise Server 4.0 SP6          
   -Microsoft Windows NT Enterprise Server 4.0 SP6a          
   -Microsoft Windows NT Server 4.0                          
   -Microsoft Windows NT Server 4.0 SP1                      
   -Microsoft Windows NT Server 4.0 SP2                      
   -Microsoft Windows NT Server 4.0 SP3                      
   -Microsoft Windows NT Server 4.0 SP4                      
   -Microsoft Windows NT Server 4.0 SP5                      
   -Microsoft Windows NT Server 4.0 SP6                      
   -Microsoft Windows NT Server 4.0 SP6a                    
   -Microsoft Windows NT Terminal Server 4.0                
   -Microsoft Windows NT Terminal Server 4.0 SP1            
   -Microsoft Windows NT Terminal Server 4.0 SP2            
   -Microsoft Windows NT Terminal Server 4.0 SP3            
   -Microsoft Windows NT Terminal Server 4.0 SP4            
   -Microsoft Windows NT Terminal Server 4.0 SP5            
   -Microsoft Windows NT Terminal Server 4.0 SP6            
   -Microsoft Windows NT Terminal Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0                    
   -Microsoft Windows NT Workstation 4.0 SP1                
   -Microsoft Windows NT Workstation 4.0 SP2                
   -Microsoft Windows NT Workstation 4.0 SP3                
   -Microsoft Windows NT Workstation 4.0 SP4                
   -Microsoft Windows NT Workstation 4.0 SP5                
   -Microsoft Windows NT Workstation 4.0 SP6                
   -Microsoft Windows NT Workstation 4.0 SP6a                
Microsoft Internet Explorer 5.5                              
   -Microsoft Windows 2000 Advanced Server                  
   -Microsoft Windows 2000 Advanced Server SP1              
   -Microsoft Windows 2000 Advanced Server SP2              
   -Microsoft Windows 2000 Datacenter Server                
   -Microsoft Windows 2000 Datacenter Server SP1            
   -Microsoft Windows 2000 Datacenter Server SP2            
   -Microsoft Windows 2000 Professional                      
   -Microsoft Windows 2000 Professional SP1                  
   -Microsoft Windows 2000 Professional SP2                  
   -Microsoft Windows 2000 Server                            
   -Microsoft Windows 2000 Server SP1                        
   -Microsoft Windows 2000 Server SP2                        
   -Microsoft Windows 2000 Terminal Services                
   -Microsoft Windows 2000 Terminal Services SP1            
   -Microsoft Windows 2000 Terminal Services SP2            
   -Microsoft Windows 95                                    
   -Microsoft Windows 98                                    
   +Microsoft Windows ME                                    
   -Microsoft Windows NT Enterprise Server 4.0              
   -Microsoft Windows NT Enterprise Server 4.0 SP1          
   -Microsoft Windows NT Enterprise Server 4.0 SP2          
   -Microsoft Windows NT Enterprise Server 4.0 SP3          
   -Microsoft Windows NT Enterprise Server 4.0 SP4          
   -Microsoft Windows NT Enterprise Server 4.0 SP5          
   -Microsoft Windows NT Enterprise Server 4.0 SP6          
   -Microsoft Windows NT Enterprise Server 4.0 SP6a          
   -Microsoft Windows NT Server 4.0                          
   -Microsoft Windows NT Server 4.0 SP1                      
   -Microsoft Windows NT Server 4.0 SP2                      
   -Microsoft Windows NT Server 4.0 SP3                      
   -Microsoft Windows NT Server 4.0 SP4                      
   -Microsoft Windows NT Server 4.0 SP5                      
   -Microsoft Windows NT Server 4.0 SP6                      
   -Microsoft Windows NT Server 4.0 SP6a                    
   -Microsoft Windows NT Terminal Server 4.0                
   -Microsoft Windows NT Terminal Server 4.0 SP1            
   -Microsoft Windows NT Terminal Server 4.0 SP2            
   -Microsoft Windows NT Terminal Server 4.0 SP3            
   -Microsoft Windows NT Terminal Server 4.0 SP4            
   -Microsoft Windows NT Terminal Server 4.0 SP5            
   -Microsoft Windows NT Terminal Server 4.0 SP6            
   -Microsoft Windows NT Terminal Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0                    
   -Microsoft Windows NT Workstation 4.0 SP1                
   -Microsoft Windows NT Workstation 4.0 SP2                
   -Microsoft Windows NT Workstation 4.0 SP3                
   -Microsoft Windows NT Workstation 4.0 SP4                
   -Microsoft Windows NT Workstation 4.0 SP5                
   -Microsoft Windows NT Workstation 4.0 SP6                
   -Microsoft Windows NT Workstation 4.0 SP6a                
Microsoft Internet Explorer 6.0 SP1                          
Microsoft Internet Explorer 6.0                              
   -Microsoft Windows 2000 Advanced Server                  
   -Microsoft Windows 2000 Advanced Server SP1              
   -Microsoft Windows 2000 Advanced Server SP2              
   -Microsoft Windows 2000 Datacenter Server                
   -Microsoft Windows 2000 Datacenter Server SP1            
   -Microsoft Windows 2000 Datacenter Server SP2            
   -Microsoft Windows 2000 Professional                      
   -Microsoft Windows 2000 Professional SP1                  
   -Microsoft Windows 2000 Professional SP2                  
   -Microsoft Windows 2000 Server                            
   -Microsoft Windows 2000 Server SP1                        
   -Microsoft Windows 2000 Server SP2                        
   -Microsoft Windows 2000 Terminal Services                
   -Microsoft Windows 2000 Terminal Services SP1            
   -Microsoft Windows 2000 Terminal Services SP2            
   -Microsoft Windows 98                                    
   -Microsoft Windows 98SE                                  
   -Microsoft Windows ME                                    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a          
   -Microsoft Windows NT Server 4.0 SP6a                    
   -Microsoft Windows NT Terminal Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0 SP6a                
   +Microsoft Windows Server 2003 Datacenter Edition        
   +Microsoft Windows Server 2003 Datacenter Edition 64-bit  
   +Microsoft Windows Server 2003 Enterprise Edition        
   +Microsoft Windows Server 2003 Enterprise Edition 64-bit  
   +Microsoft Windows Server 2003 Standard Edition          
   +Microsoft Windows Server 2003 Web Edition
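Detailed description
A vulnerability exists in the way Microsoft Internet Explorer handles cached data. A remote attacker may exploit it to execute arbitrary code on the user's machine from a zone that should not have such access: a malicious web script can access data with the privileges of the My Computer zone. Because the My Computer zone is generally less restricted than the Internet zone, successful exploitation can allow an attacker to access or execute a file that already exists on the file system. An attacker can cause the user to download a malicious executable into the "Temporary Internet Files" directory and then execute it with the user's privileges. This vulnerability affects Internet Explorer 5.01, 5.5 and 6.0.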

Solution
The vendor has released a patch:

http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

Related information
[SNS Advisory No.67] The Return of the Content-Disposition Vulnerability in IE
http://online.securityfocus.com/archive/1/334358