正文

Microsoft Internet Explorer 属性赋值 任意代码执行漏洞

admin
admin V管理员 /0 评论 /5 阅读
0104
此篇文章发布距今已超过1274天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Microsoft Internet Explorer 属性赋值 任意代码执行漏洞

  • CNNVD编号:CNNVD-200802-230
    • <!--
  • 危害等级: 超危-->
  • 危害等级: 超危
  • CVE编号: CVE-2008-0077
  • 漏洞类型: 资源管理错误
  • 发布时间: 2008-02-12
  • 威胁类型: 远程
  • 更新时间: 2021-07-27
  • 厂        商: microsoft
  • 漏洞来源: An anonymous resea...

漏洞简介

Microsoft Internet Explorer 6 SP1,6 SP2和7中的使用后释放漏洞允许远程攻击者通过对某些属性(properties)赋予异常的值来执行任意代码。Animate Motion SVG元件的特性证实了这一点。 该漏洞又称\"属性内存破坏漏洞\"(Property Memory Corruption Vulnerability)。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Microsoft Internet Explorer 6.0 SP1

Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB944533)

http://www.microsoft.com/downloads/details.aspx?Familyid=87E66DCE-5060-4814-8754-829B4E190359&displaylang=en">

http://www.microsoft.com/downloads/details.aspx?Familyid=87E66DCE-5060

-4814-8754-829B4E190359&displaylang=en

Microsoft Internet Explorer 6.0

Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB944533)

http://www.microsoft.com/downloads/details.aspx?Familyid=429B7ED1-FE78-459A-B834-D0F3C69CB703&displaylang=en">

http://www.microsoft.com/downloads/details.aspx?Familyid=429B7ED1-FE78

-459A-B834-D0F3C69CB703&displaylang=en

Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB944533)

http://www.microsoft.com/downloads/details.aspx?Familyid=E989E23C-38BB-4FE7-A830-D7BDF7659392&displaylang=en">

http://www.microsoft.com/downloads/details.aspx?Familyid=E989E23C-38BB

-4FE7-A830-D7BDF7659392&displaylang=en

Microsoft Cumulative Security Update for Internet Explorer for Windows XP Service Pack 2 (KB944533)

http://www.microsoft.com/downloads/details.aspx?Familyid=BB2AA3CB-021F-4890-AB20-2A51F8E17554&displaylang=en">

http://www.microsoft.com/downloads/details.aspx?Familyid=BB2AA3CB-021F

-4890-AB20-2A51F8E17554&displaylang=en

Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB944533)

http://www.microsoft.com/downloads/details.aspx?Familyid=8989F576-8B30-4866-90EC-929D24F3B409&displaylang=en">

http://www.microsoft.com/downloads/details.aspx?Familyid=8989F576-8B30

-4866-90EC-929D24F3B409&displaylang=en

参考网址

来源:SECUNIA

链接:http://secunia.com/advisories/28903

来源:BUGTRAQ

链接:http://www.securityfocus.com/archive/1/488048/100/0/threaded

来源:CERT

链接:http://www.us-cert.gov/cas/techalerts/TA08-043C.html

来源:BID

链接:https://www.securityfocus.com/bid/27666

来源:CERT-VN

链接:http://www.kb.cert.org/vuls/id/228569

来源:MISC

链接:http://www.zerodayinitiative.com/advisories/ZDI-08-006.html

来源:VUPEN

链接:http://www.vupen.com/english/advisories/2008/0512/references

来源:IDEFENSE

链接:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661

来源:HP

链接:http://marc.info/?l=bugtraq&m=120361015026386&w=2

来源:MS

链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396

来源:SECTRACK

链接:http://www.securitytracker.com/id?1019380

来源:BID

链接:http://www.securityfocus.com/bid/27666

受影响实体

  • Microsoft Ie:7  
    <!--
    2000-1-1
    -->
  • Microsoft Ie:6:Sp1  
    <!--
    2000-1-1
    -->
  • Microsoft Ie:6  
    <!--
    2000-1-1
    -->

补丁

    暂无