Microsoft Internet Explorer X.509 Integer Common Name Encoding Security Bypass Vulnerability

Vulnerability Cause
Boundary condition error
 
Affected Systems
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
 
Unaffected Systems
 
Impact
A remote attacker can exploit this vulnerability to obtain sensitive information.
 
Conditions Required for Attack
The attacker must construct a malicious web page and entice the user to open it.
 
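Vulnerability Information
Microsoft Internet Explorer is a popular web browser.
Microsoft Internet Explorer has an integer overflow error when parsing ASN.1 object identifiers in X.509 certificates. An attacker can construct a certificate containing a specially crafted object identifier (OID) to spoof a trusted page and entice users into visiting it and disclosing sensitive information.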
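The following added example (not Microsoft's code and not part of the original advisory) illustrates the class of error described above: an OID arc decoded into a fixed-width integer wraps unless the parser checks before each shift. The 32-bit accumulator width, the function names and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample inputs: one OID arc each, in base-128 content form. */
static const uint8_t ARC_SMALL[]  = { 0x03 };                         /* value 3 */
static const uint8_t ARC_WIDE[]   = { 0x90, 0x80, 0x80, 0x80, 0x03 }; /* value 2^32 + 3 */
static const uint8_t ARC_PADDED[] = { 0x80, 0x03 };                   /* non-minimal 3 */

/* Unchecked decoder: the 32-bit accumulator silently wraps modulo 2^32. */
size_t oid_arc_unchecked(const uint8_t *p, size_t len, uint32_t *out)
{
    uint32_t v = 0;
    for (size_t i = 0; i < len; i++) {
        v = (v << 7) | (p[i] & 0x7F);
        if (!(p[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;
}

/* Checked decoder: returns bytes consumed, or 0 if the arc is empty,
 * truncated, non-minimally encoded, or does not fit in 32 bits. */
size_t oid_arc_checked(const uint8_t *p, size_t len, uint32_t *out)
{
    uint32_t v = 0;
    if (len == 0 || p[0] == 0x80)          /* X.690 forbids a leading 0x80 octet */
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (v > (UINT32_MAX >> 7))         /* next shift would lose high bits */
            return 0;
        v = (v << 7) | (p[i] & 0x7F);
        if (!(p[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;                              /* data ended mid-arc */
}

int main(void)
{
    uint32_t v = 0;
    size_t n = oid_arc_unchecked(ARC_WIDE, sizeof ARC_WIDE, &v);
    printf("unchecked: consumed %zu, value %u\n", n, (unsigned)v);
    n = oid_arc_checked(ARC_WIDE, sizeof ARC_WIDE, &v);
    printf("checked:   consumed %zu (0 = rejected)\n", n);
    return 0;
}
```

A validator built on the checked form treats a return value of 0 as a malformed certificate and stops processing, rather than comparing the wrapped value against known OIDs.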
 
Test Method
 
Vendor Solution
Users can refer to the following vendor-supplied patches:
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/de…=52b9198d-b65f-467a-a5ab-141e23d64a86
Windows XP SP2 / SP3:
http://www.microsoft.com/downloads/de…=9c5ab624-e37b-418a-a919-d8f652b15679
Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/de…=ad29696d-4611-4a12-9dfa-74fa6866b759
Windows Server 2003 SP2:
http://www.microsoft.com/downloads/de…=49e9cc53-cf17-4bc7-aaaa-92213167e1a9
Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/de…=d170cef9-f5d2-4fcd-997b-e778ad5a6797
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de…=2ede1eb9-7f5f-411d-bbc3-5db46d80e0bb
Windows Vista (optionally with SP1 and SP2):
http://www.microsoft.com/downloads/de…=8b5a9a95-9439-40c8-acef-000b919daa04
Windows Vista x64 Edition (optionally with SP1 and SP2):
http://www.microsoft.com/downloads/de…=4a60f789-1a4a-49a8-8d13-fda989ed40be
Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/de…=f9b487af-fe73-42a8-b240-d59c4321f95b
Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/de…=0d8a2a3e-d7d4-47fb-8364-16fce28e4d38
Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/de…=8962f0b6-f346-4e88-9d83-4d15b699dd9d
Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/de…=ad6f06d5-27db-445d-a8b2-c42adc90afc0
Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/de…=70cd0270-77e9-492a-82d9-798364640c10
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/de…=ce78c019-ec08-4ec6-abec-334f5ec5cb76
Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/de…=6442a77a-3c0d-4beb-b2d2-2885376c2135
 
Vulnerability Credit
Dan Kaminsky, Len Sassaman, and Meredith Patterson
