Microsoft Internet Explorer 'deflate' HTTP Encoding Remote Code Execution Vulnerability

Cause
Design error
 
Affected systems
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1
 
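Unaffected systems
 
Impact
A remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the logged-on user's process.
 
Attack requirements
The attacker must build a malicious web page and induce the user to open it.
 
Vulnerability information
Microsoft Internet Explorer is a popular web browser.
Internet Explorer's handling of “Content-Encoding:deflate” is flawed. Either of the following two HTTP responses triggers the vulnerability: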
HTTP/.\nContent-Encoding:deflate\r\t\n\r\n\x20\x20
HTTP \nContent-Encoding:deflate\nContent-Range:\n\n”
The vulnerability allows memory corruption, which can lead to arbitrary code execution.
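
The check below is an added example, not part of the original advisory or any vendor code: a proxy-side heuristic that flags response heads combining Content-Encoding: deflate with the structural anomalies visible in the two responses above (malformed status line, bare LF line endings, empty Content-Range). The function names, finding labels and the well-formed sample are assumptions made for illustration; the heuristic does not model the underlying memory corruption.

```python
import re

# Well-formed status line: HTTP-version SP 3-digit status [SP reason-phrase]
STATUS_LINE = re.compile(rb"HTTP/\d\.\d \d{3}( [^\r\n]*)?")

# The two response heads quoted in the advisory, plus one constructed clean response.
ADVISORY_1 = b"HTTP/.\nContent-Encoding:deflate\r\t\n\r\n\x20\x20"
ADVISORY_2 = b"HTTP \nContent-Encoding:deflate\nContent-Range:\n\n"
CLEAN = b"HTTP/1.1 200 OK\r\nContent-Encoding: deflate\r\nContent-Length: 2\r\n\r\nxx"  # constructed

def inspect_response_head(raw: bytes) -> list:
    """Return anomaly labels (hypothetical names) for a raw HTTP response."""
    # Isolate the head: everything before the first blank line (CRLF or bare LF).
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = re.split(rb"\r?\n", head)
    findings = []
    if not STATUS_LINE.fullmatch(lines[0]):
        findings.append("malformed-status-line")
    # A line feed not preceded by a carriage return is a bare LF terminator.
    if re.search(rb"(?<!\r)\n", head):
        findings.append("bare-lf-line-ending")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if headers.get(b"content-encoding", b"").lower() == b"deflate":
        findings.append("deflate-encoding")
    # Header present but with no value at all.
    if headers.get(b"content-range") == b"":
        findings.append("empty-content-range")
    return findings

def should_block(raw: bytes) -> bool:
    """Block only when deflate is declared AND the head is structurally malformed."""
    findings = inspect_response_head(raw)
    return "deflate-encoding" in findings and len(findings) > 1

if __name__ == "__main__":
    for name, raw in (("advisory-1", ADVISORY_1), ("advisory-2", ADVISORY_2), ("clean", CLEAN)):
        print(name, inspect_response_head(raw), "BLOCK" if should_block(raw) else "pass")
```

A well-formed deflate response passes, so the rule can run in front of unpatched clients without blocking ordinary compressed traffic.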
 
Testing method
 
Vendor solution
Users can refer to the following vendor-supplied patches:
Microsoft Internet Explorer 6.0 SP1
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8154ba37-0fbc-4d31-9d6e-0b21586ad65a
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb-4ad6-9e03-7bc22d8a914b
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=07e66c09-2cd7-47ba-bf87-d3da602184b4
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317-42f3-9ad1-a0b8bfa65b53
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=dc166dc6-577f-4d8d-94df-dd963233dd85
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2-4839-a838-2a0f809bde2b
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=72dd580e-eb53-41da-a5c0-a392ad388bfc
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=e81f30b7-ef05-4488-b62a-d330e17129cf
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=0111d741-bda4-4a50-a12b-d3337ff4441d
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84-4c26-9599-26f1314873ed
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd-436e-8648-5382d564cc99
Microsoft Internet Explorer 6.0
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8101625d-ee93-46e5-aec2-3bdbf2d86472
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB9
http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47-47e9-9476-2f591c3f6a59
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb-4a23-a9d5-71deac2498ea
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=9aacf890-afb4-46a7-a13f-dd9fe3c0ca4a
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=89a2cf2a-a7a2-4d4b-aa6f-24dde288d500
Microsoft Internet Explorer 5.0.1
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=26515c7b-d7a6-4405-96b5-a518dcb39d38
 
Credit
Skylined of Google Inc