漏洞起因
竞争条件错误
危险等级
低
影响系统
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP3
Microsoft Internet Explorer 6.0 SP2
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
不受影响系统
危害
远程攻击者可以利用漏洞以应用程序安全上下文执行任意指令。
攻击所需条件
攻击者必须构建恶意WEB页,诱使用户访问。
漏洞信息
Microsoft Internet Explorer是一款流行的WEB浏览器。
Internet Explorer访问对象时存在一个竞争条件错误,可触发内存破坏攻击。
构建恶意WEB页,诱使用户访问,可导致以应用程序安全上下文执行任意指令。
测试方法
厂商解决方案
用户可参考如下供应商提供的安全补丁:
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8753ae27-60a4 -475a-b8bc-6a7764480295
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=5ef8abf0-c89e -4911-8d77-42400d9a398f
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=fd3e9d06-1f8b -4ef7-84f6-61e85a1767b8
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=5e730064-8270 -4d63-b497-c5ebeddea1fc
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=4b489f8c-ada0 -4051-8284-0a941c04d2ed
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyID=2f1eee63-2cca -4ec5-b196-36de3c0054cf
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8239cb9e-bb5a -4157-8038-33d0b329eaee
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=cd1185e3-ca22 -4197-a53b-e7a2806ac352
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=535c563e-cdac -4e3d-96b0-9947ea22deca
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=5296fb82-c446 -4681-a9a0-0f80a2e248be
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=863edf45-0d3b -4408-a47c-258dc4a4fd94
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
http://www.microsoft.com/downloads/details.aspx?familyid=7b457d04-03a9 -4eb0-ba6a-ab45267e4f74
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=409b9298-1e7d -48cf-9872-ffbdc56ebe53
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=1662780f-370a -425b-9917-c601eb54a375
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=e7757bbc-3ef0 -421d-ab57-0083a302c77b
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=ca57a47a-9111 -4abe-9356-4962ca2c1d65
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=2062566b-8b81 -43c2-875d-9c06d4e3fa82
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=f8ae3978-bad6 -4201-8357-2d212ab703ef
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=ecaf42e0-a288 -40c1-8602-21e967a87408
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=65b04e29-8e39 -46de-94e8-b653969b1ffd
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=9b869bab-0797 -4f83-8c64-23dda9983c8d
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=772e765d-0502 -4b0b-bde8-d4f62b96db64
Microsoft Internet Explorer 6.0
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=b0370e1e-dedf -4fe8-a06c-0e0f0a674205
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB2
http://www.microsoft.com/downloads/details.aspx?FamilyID=782e2963-4a52 -4a1d-b99a-34ba841038a7
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=d92f5e69-43cf -4615-aa3b-41f9f40bb57b
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=bc949915-4e16 -4897-a295-2f99102548ab
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=96b7a562-af16 -4f0d-840c-838fb12e7419
漏洞提供者
Nicolas Joly of VUPEN Vulnerability Research Team
0 条评论。