Microsoft Internet Explorer 'Event' Object Copy Constructor Remote Code Execution Vulnerability

Cause
Design error
 
Affected systems
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
 
Unaffected systems
 
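Impact
A remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the logged-on user's process.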
 
Attack prerequisites
The attacker must craft a malicious web page and entice the user to open it.
 
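Vulnerability details
Microsoft Internet Explorer is a popular web browser.
The copy constructor of certain DOM objects is flawed: when an object is copied, more than one reference can be assigned to its associated properties. When the variable/object goes out of scope, these properties are freed twice, which corrupts the heap and allows arbitrary code to run in the security context of the current user.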
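The double release described above can be modelled without touching a real heap. The following C++ sketch is an added example, not Internet Explorer's code: `Prop`, `EventFlawed`, `EventFixed` and `overReleasesAfterCopy` are hypothetical names, and a counter stands in for the second free.

```cpp
#include <cstdio>

// Hypothetical ref-counted property, standing in for a COM-style object.
struct Prop {
    int refs = 1;          // the creating scope holds one reference
    int overReleases = 0;  // releases arriving after refs reached 0
    void AddRef() { ++refs; }
    void Release() {
        if (refs == 0) { ++overReleases; return; }  // real code: second free()
        --refs;                                     // real code: free() at 0
    }
};

// Flawed holder: the copy shares the pointer but takes no reference.
struct EventFlawed {
    Prop* p;
    explicit EventFlawed(Prop* prop) : p(prop) { p->AddRef(); }
    EventFlawed(const EventFlawed& o) : p(o.p) {}  // BUG: missing AddRef()
    ~EventFlawed() { p->Release(); }
};

// Hardened holder: every copy owns its own reference.
struct EventFixed {
    Prop* p;
    explicit EventFixed(Prop* prop) : p(prop) { p->AddRef(); }
    EventFixed(const EventFixed& o) : p(o.p) { p->AddRef(); }
    EventFixed& operator=(const EventFixed&) = delete;  // no unchecked assign
    ~EventFixed() { p->Release(); }
};

// Copies a holder, lets both go out of scope, then drops the creator's
// reference. Returns how many releases hit an already-freed property.
template <class Ev>
int overReleasesAfterCopy() {
    Prop prop;               // refs = 1
    {
        Ev original(&prop);  // refs = 2
        Ev copy(original);   // flawed: still 2, fixed: 3
    }                        // both destructors release
    prop.Release();          // creator's own release
    return prop.overReleases;
}

int main() {
    std::printf("flawed: %d over-release(s)\n", overReleasesAfterCopy<EventFlawed>());
    std::printf("fixed:  %d over-release(s)\n", overReleasesAfterCopy<EventFixed>());
    return 0;
}
```

In the flawed holder the count reaches zero while the creating scope still believes it owns a reference, so its final release lands on memory that a real allocator would already have freed.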
 
Test method
 
Vendor solution
Users can refer to the following vendor-supplied patches:
Microsoft Internet Explorer 6.0 SP1
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8154ba37-0fbc-4d31-9d6e-0b21586ad65a
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb-4ad6-9e03-7bc22d8a914b
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=07e66c09-2cd7-47ba-bf87-d3da602184b4
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317-42f3-9ad1-a0b8bfa65b53
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=dc166dc6-577f-4d8d-94df-dd963233dd85
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2-4839-a838-2a0f809bde2b
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=72dd580e-eb53-41da-a5c0-a392ad388bfc
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=e81f30b7-ef05-4488-b62a-d330e17129cf
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=0111d741-bda4-4a50-a12b-d3337ff4441d
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84-4c26-9599-26f1314873ed
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd-436e-8648-5382d564cc99
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=9eae7eca-1a6f-4397-a6e2-7dda6b9d5276
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=708a549d-11fd-43bf-a6e1-309e3205d59d
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=8799159d-df69-49f6-9db5-49147690ce0c
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=77b18fc2-e769-47c6-8e72-916716a49e58
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=89d1fb78-68cd-48dd-afc2-15a79ebe9fde
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=10d9f7ac-65f4-437c-91cc-171632c69b0e
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=1baf7e96-ba3e-47e7-8ea3-eb092e653a39
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
http://www.microsoft.com/downloads/details.aspx?familyid=9b6a28ae-b3f2-42b0-8209-e3950ec37abb
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=f50307d6-7869-4996-9ff7-23f87d08994b
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=7a4b755b-7fa0-43aa-8862-c1d0c7d94c2c
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=e8f6014f-950b-4e11-a105-51d298069f1a
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=85978f28-5fc0-481b-9b03-2021c785889b
Microsoft Internet Explorer 6.0
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8101625d-ee93-46e5-aec2-3bdbf2d86472
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB9
http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47-47e9-9476-2f591c3f6a59
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb-4a23-a9d5-71deac2498ea
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=9aacf890-afb4-46a7-a13f-dd9fe3c0ca4a
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=89a2cf2a-a7a2-4d4b-aa6f-24dde288d500
 
Credit
TippingPoint and the Zero Day Initiative
