
Microsoft Windows HTML Help API Privilege Escalation Vulnerability


Published: 2003-10-24
Updated: 2003-10-24
Severity:
Threat level: Privilege escalation
Error type: Design error
Exploitation method: Server mode

BUGTRAQ ID:8884

Affected Systems
Microsoft HTML Help Control 5.2.3735.1
   +Microsoft Windows 2000 Advanced Server                
   +Microsoft Windows 2000 Advanced Server SP1            
   +Microsoft Windows 2000 Advanced Server SP2            
   +Microsoft Windows 2000 Advanced Server SP3            
   +Microsoft Windows 2000 Advanced Server SP4            
   +Microsoft Windows 2000 Datacenter Server              
   +Microsoft Windows 2000 Datacenter Server SP1          
   +Microsoft Windows 2000 Datacenter Server SP2          
   +Microsoft Windows 2000 Datacenter Server SP3          
   +Microsoft Windows 2000 Datacenter Server SP4          
   +Microsoft Windows 2000 Professional                    
   +Microsoft Windows 2000 Professional SP1                
   +Microsoft Windows 2000 Professional SP2                
   +Microsoft Windows 2000 Professional SP3                
   +Microsoft Windows 2000 Professional SP4                
   +Microsoft Windows 2000 Server                          
   +Microsoft Windows 2000 Server SP1                      
   +Microsoft Windows 2000 Server SP2                      
   +Microsoft Windows 2000 Server SP3                      
   +Microsoft Windows 2000 Server SP4                      
   +Microsoft Windows 2000 Server Japanese Edition        
   +Microsoft Windows 2000 Terminal Services              
   +Microsoft Windows 2000 Terminal Services SP1          
   +Microsoft Windows 2000 Terminal Services SP2          
   +Microsoft Windows 2000 Terminal Services SP3          
   +Microsoft Windows 2000 Terminal Services SP4          
   +Microsoft Windows 98                                  
   +Microsoft Windows 98 a                                
   +Microsoft Windows 98 b                                
   +Microsoft Windows 98 j                                
   +Microsoft Windows 98 SP1                              
   +Microsoft Windows 98 With Plus! Pack                  
   +Microsoft Windows 98SE                                
   +Microsoft Windows ME                                  
   +Microsoft Windows NT 3.5                              
   +Microsoft Windows NT 3.5.1                            
   +Microsoft Windows NT 3.5.1 SP1                        
   +Microsoft Windows NT 3.5.1 SP2                        
   +Microsoft Windows NT 3.5.1 SP3                        
   +Microsoft Windows NT 3.5.1 SP4                        
   +Microsoft Windows NT 3.5.1 SP5                        
   +Microsoft Windows NT 3.5.1 SP5 alpha                  
   +Microsoft Windows NT 4.0                              
   +Microsoft Windows NT 4.0 alpha                        
   +Microsoft Windows NT 4.0 SP1                          
   +Microsoft Windows NT 4.0 SP1 alpha                    
   +Microsoft Windows NT 4.0 SP2                          
   +Microsoft Windows NT 4.0 SP2 alpha                    
   +Microsoft Windows NT 4.0 SP3                          
   +Microsoft Windows NT 4.0 SP3 alpha                    
   +Microsoft Windows NT 4.0 SP4                          
   +Microsoft Windows NT 4.0 SP4 alpha                    
   +Microsoft Windows NT 4.0 SP5                          
   +Microsoft Windows NT 4.0 SP5 alpha                    
   +Microsoft Windows NT 4.0 SP6                          
   +Microsoft Windows NT 4.0 SP6 alpha                    
   +Microsoft Windows NT 4.0 SP6a                          
   +Microsoft Windows NT 4.0 SP6a alpha                    
   +Microsoft Windows NT Enterprise Server 4.0            
   +Microsoft Windows NT Enterprise Server 4.0 SP1        
   +Microsoft Windows NT Enterprise Server 4.0 SP2        
   +Microsoft Windows NT Enterprise Server 4.0 SP3        
   +Microsoft Windows NT Enterprise Server 4.0 SP4        
   +Microsoft Windows NT Enterprise Server 4.0 SP5        
   +Microsoft Windows NT Enterprise Server 4.0 SP6        
   +Microsoft Windows NT Enterprise Server 4.0 SP6a        
   +Microsoft Windows NT Server 4.0                        
   +Microsoft Windows NT Server 4.0 SP1                    
   +Microsoft Windows NT Server 4.0 SP2                    
   +Microsoft Windows NT Server 4.0 SP3                    
   +Microsoft Windows NT Server 4.0 SP4                    
   +Microsoft Windows NT Server 4.0 SP5                    
   +Microsoft Windows NT Server 4.0 SP6                    
   +Microsoft Windows NT Server 4.0 SP6a                  
   +Microsoft Windows NT Terminal Server 4.0              
   +Microsoft Windows NT Terminal Server 4.0 alpha        
   +Microsoft Windows NT Terminal Server 4.0 SP1          
   +Microsoft Windows NT Terminal Server 4.0 SP2          
   +Microsoft Windows NT Terminal Server 4.0 SP3          
   +Microsoft Windows NT Terminal Server 4.0 SP4          
   +Microsoft Windows NT Terminal Server 4.0 SP5          
   +Microsoft Windows NT Terminal Server 4.0 SP6          
   +Microsoft Windows NT Workstation 4.0                  
   +Microsoft Windows NT Workstation 4.0 SP1              
   +Microsoft Windows NT Workstation 4.0 SP2              
   +Microsoft Windows NT Workstation 4.0 SP3              
   +Microsoft Windows NT Workstation 4.0 SP4              
   +Microsoft Windows NT Workstation 4.0 SP5              
   +Microsoft Windows NT Workstation 4.0 SP6              
   +Microsoft Windows NT Workstation 4.0 SP6a              
   +Microsoft Windows Server 2003 Datacenter Edition      
   +Microsoft Windows Server 2003 Datacenter Edition 64-bit
   +Microsoft Windows Server 2003 Enterprise Edition      
   +Microsoft Windows Server 2003 Enterprise Edition 64-bit
   +Microsoft Windows Server 2003 Standard Edition        
   +Microsoft Windows Server 2003 Web Edition              
   +Microsoft Windows XP                                  
   +Microsoft Windows XP 64-bit Edition                    
   +Microsoft Windows XP 64-bit Edition SP1                
   +Microsoft Windows XP 64-bit Edition Version 2003      
   +Microsoft Windows XP Embedded                          
   +Microsoft Windows XP Embedded SP1                      
   +Microsoft Windows XP Home                              
   +Microsoft Windows XP Home SP1                          
   +Microsoft Windows XP Media Center Edition              
   +Microsoft Windows XP Professional                      
   +Microsoft Windows XP Professional SP1                  
   +Microsoft Windows XP Tablet PC Edition
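Description
When the Microsoft HTML Help API invokes Microsoft IE, it does not drop the elevated privileges of the calling process. An attacker may therefore be able to use MSIE components to browse the local file system and execute arbitrary commands with the privileges of the process that called the HTML Help API, resulting in privilege escalation.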

Solution
The vendor has not yet provided a solution.

Related Information
"Brett Moore" <brett.moore@security-assessment.com>

HTML Help API - Privilege Escalation
http://online.securityfocus.com/archive/1/342312