漏洞信息详情
Microsoft FrontPage Server Extensions远程缓冲区溢出漏洞(MS03-051)
- CNNVD编号:CNNVD-200312-053 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2003-0824
- 漏洞类型: 其他
- 发布时间: 2003-11-05
- 威胁类型: 远程
- 更新时间: 2019-05-05
- 厂 商: microsoft
- 漏洞来源: Microsoft Security...
-
漏洞简介
Microsoft FrontPage服务器扩展是Microsoft公司开发的用于加强IIS Web服务器的功能的软件包。Microsoft FrontPage Server Extensions存在两个新的安全漏洞,可导致远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以FrontPage进程权限在系统上执行任意指令。第一个漏洞是由于FrontPage服务扩展的远程调试功能上存在缓冲区溢出,这个功能用于用户远程连接FrontPage服务扩展的服务器和远程调试内容使用,如Visual Interdev。攻击者成功利用这个漏洞可以以本地SYSTEM权限在系统上执行任意指令,然后在系统上执行任意操作,如安装程序,查看更改或删除数据,建立拥有全部权限的帐户等。第二个漏洞存在与SmartHTML解析器中,提供对WEB表单和其他基于FrontPage动态内容的支持,攻击者利用这个漏洞可以使运行FrontPage服务扩展的服务器临时停止对正常请求的响应。
漏洞公告
临时解决方法:
如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 使用IIS Lockdown工具在IIS Server中禁用FrontPage Server Extensions。
* 如果您不需要使用FrontPage Server Extensions, 您还可以通过控制面板中的"添加/删除程序"来卸载FrontPage Server Extensions。
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS03-051)以及相应补丁:
MS03-051:Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
链接:
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp" target="_blank">
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp
补丁下载:
Microsoft FrontPage Server Extensions 2000
http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=C84C3D10-A821-4819-BF58-D3BC70A77BFA&displaylang=en
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows 2000)
http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2&displaylang=en
Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP)
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=9B302532-BFAB-489B-82DC-ED1E49A16E1C&displaylang=en
Microsoft FrontPage Server Extensions 2002
http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=3E8A21D9-708E-4E69-8299-86C49321EE25&displaylang=en
Microsoft SharePoint Team Services 2002 (shipped with Office XP)
http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=5923FC2F-D786-4E32-8F15-36A1C9E0A340&displaylang=en
参考网址
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A591
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A606
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A308
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/13680
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A625
来源:CERT-VN
链接:http://www.kb.cert.org/vuls/id/179012
来源:SECUNIA
链接:http://secunia.com/advisories/10195
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A762
受影响实体
- Microsoft Windows_xp:Gold:Professional<!--2000-1-1-->
- Microsoft Windows_xp:Sp1:Home<!--2000-1-1-->
- Microsoft Windows_xp:Sp1:64-Bit<!--2000-1-1-->
- Microsoft Windows_2000:Sp2:Datacenter_server<!--2000-1-1-->
- Microsoft Windows_2000:Sp2:Professional<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...