ZeroBox Vulnerability Database

漏洞起因
设计错误
 
影响系统
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1
 
不受影响系统
 
危害
远程攻击者可以利用漏洞以登录用户进程权限执行任意指令。
 
攻击所需条件
攻击者必须构建恶意WEB页，诱使用户打开。
 
漏洞信息
Microsoft Internet Explorer是一款流行的WEB浏览器。
Microsoft Internet Explorer在特定条件下处理变量参数的校验时存在漏洞，攻击者可以构建特殊的WEB页，诱使用户查看，允许任意代码执行。成功利用此漏洞允许获得以登录用户安全上下文相等的权限。
 
测试方法
 
厂商解决方案
用户可参考如下供应商提供的补丁：
Microsoft Internet Explorer 6.0 SP1
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8154ba37-0fbc -4d31-9d6e-0b21586ad65a
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=4647bcf1-69fb -4ad6-9e03-7bc22d8a914b
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=07e66c09-2cd7 -47ba-bf87-d3da602184b4
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=e7d77bd9-8317 -42f3-9ad1-a0b8bfa65b53
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=dc166dc6-577f -4d8d-94df-dd963233dd85
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=bd54e595-25f2 -4839-a838-2a0f809bde2b
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=72dd580e-eb53 -41da-a5c0-a392ad388bfc
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=e81f30b7-ef05 -4488-b62a-d330e17129cf
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=0111d741-bda4 -4a50-a12b-d3337ff4441d
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=f6995616-2a84 -4c26-9599-26f1314873ed
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=b3de5236-afdd -436e-8648-5382d564cc99
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=9eae7eca-1a6f -4397-a6e2-7dda6b9d5276
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=708a549d-11fd -43bf-a6e1-309e3205d59d
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=8799159d-df69 -49f6-9db5-49147690ce0c
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=77b18fc2-e769 -47c6-8e72-916716a49e58
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=89d1fb78-68cd -48dd-afc2-15a79ebe9fde
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=10d9f7ac-65f4 -437c-91cc-171632c69b0e
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=1baf7e96-ba3e -47e7-8ea3-eb092e653a39
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
http://www.microsoft.com/downloads/details.aspx?familyid=9b6a28ae-b3f2 -42b0-8209-e3950ec37abb
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=f50307d6-7869 -4996-9ff7-23f87d08994b
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=7a4b755b-7fa0 -43aa-8862-c1d0c7d94c2c
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=e8f6014f-950b -4e11-a105-51d298069f1a
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=85978f28-5fc0 -481b-9b03-2021c785889b
Microsoft Internet Explorer 6.0
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8101625d-ee93 -46e5-aec2-3bdbf2d86472
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB9
http://www.microsoft.com/downloads/details.aspx?familyid=79a1a94d-3b47 -47e9-9476-2f591c3f6a59
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?familyid=2f966053-01eb -4a23-a9d5-71deac2498ea
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=9aacf890-afb4 -46a7-a13f-dd9fe3c0ca4a
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=89a2cf2a-a7a2 -4d4b-aa6f-24dde288d500
Microsoft Internet Explorer 5.0.1
Microsoft Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB974455)
http://www.microsoft.com/downloads/details.aspx?FamilyID=26515c7b-d7a6 -4405-96b5-a518dcb39d38
 
漏洞提供者
Microsoft