Board logo

标题: [转帖]Microsoft Internet Explorer Javaprxy.DLL COM对象堆溢出漏 [打印本页]

作者: 坏的刚刚好    时间: 2006-9-23 02:05     标题: [转帖]Microsoft Internet Explorer Javaprxy.DLL COM对象堆溢出漏

严重程度:高 威胁程度:控制应用程序系统 错误类型:边界检查错误 利用方式:客户机模式 BUGTRAQ ID:14087 受影响系统 Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition 64-bit + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition 64-bit + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Professional Microsoft Internet Explorer 5.5 SP2 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.5 SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.5 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 + Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.0.1 SP4 Microsoft Internet Explorer 5.0.1 SP3 Microsoft Internet Explorer 5.0.1 SP2 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.0.1 SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.0.1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a 详细描述 Microsoft Internet Explorer存在一个堆溢出漏洞。当一个恶意的网页实例化';javaprxy.dll'; COM对象时,可能导致堆溢出,成功利用该漏洞能够以客房端上下文执行任意代码。 测试代码 Microsoft Internet Explorer javaprxy.dll COM Object Remote Exploit by the FrSIRT < http://www.frsirt.com > Solution - http://www.frsirt.com/english/advisories/2...t; 解决方案 The vendor has released an advisory (Microsoft Security Advisory (903144)); this advisory contains workarounds that may be applied to prevent exploitation of this issue. Customers are highly advised to peruse the referenced advisory for further information. ============================================================ 微软已经发布安全建议(Microsoft Security Advisory (903144)),该建议包含了可能防止该漏洞的方法。强烈建议用户参考该建议获取更多信息。 相关信息 http://www.securityfocus.net/bid/14087/




欢迎光临 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2