漏洞起因
异常条件处理失败错误
危险等级
低
影响系统
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
不受影响系统
危害
远程攻击者可以利用漏洞以应用程序安全上下文执行任意指令。
攻击所需条件
攻击者必须构建恶意WEB页,诱使用户访问。
漏洞信息
Microsoft Internet Explorer是一款流行的WEB浏览器。
Internet Explorer在尝试访问未初始化或已删除对象时存在错误,可触发内存破坏攻击。
构建恶意WEB页,诱使用户访问,可导致以应用程序安全上下文执行任意指令。
测试方法
厂商解决方案
用户可参考如下供应商提供的安全补丁:
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8753ae27-60a4 -475a-b8bc-6a7764480295
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=cd1185e3-ca22 -4197-a53b-e7a2806ac352
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=fd3e9d06-1f8b -4ef7-84f6-61e85a1767b8
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=4b489f8c-ada0 -4051-8284-0a941c04d2ed
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8239cb9e-bb5a -4157-8038-33d0b329eaee
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=5ef8abf0-c89e -4911-8d77-42400d9a398f
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=535c563e-cdac -4e3d-96b0-9947ea22deca
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=5296fb82-c446 -4681-a9a0-0f80a2e248be
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=5e730064-8270 -4d63-b497-c5ebeddea1fc
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyID=2f1eee63-2cca -4ec5-b196-36de3c0054cf
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=863edf45-0d3b -4408-a47c-258dc4a4fd94
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=2062566b-8b81 -43c2-875d-9c06d4e3fa82
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=ecaf42e0-a288 -40c1-8602-21e967a87408
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=1662780f-370a -425b-9917-c601eb54a375
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=e7757bbc-3ef0 -421d-ab57-0083a302c77b
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=ca57a47a-9111 -4abe-9356-4962ca2c1d65
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
http://www.microsoft.com/downloads/details.aspx?familyid=7b457d04-03a9 -4eb0-ba6a-ab45267e4f74
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=f8ae3978-bad6 -4201-8357-2d212ab703ef
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=409b9298-1e7d -48cf-9872-ffbdc56ebe53
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=65b04e29-8e39 -46de-94e8-b653969b1ffd
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=9b869bab-0797 -4f83-8c64-23dda9983c8d
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?familyid=772e765d-0502 -4b0b-bde8-d4f62b96db64
Microsoft Internet Explorer 6.0
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=d92f5e69-43cf -4615-aa3b-41f9f40bb57b
Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=bc949915-4e16 -4897-a295-2f99102548ab
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=b0370e1e-dedf -4fe8-a06c-0e0f0a674205
Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB2
http://www.microsoft.com/downloads/details.aspx?FamilyID=782e2963-4a52 -4a1d-b99a-34ba841038a7
Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB2183461)
http://www.microsoft.com/downloads/details.aspx?FamilyID=96b7a562-af16 -4f0d-840c-838fb12e7419
漏洞提供者
Nicolas Joly of VUPEN Vulnerability Research Team
0 条评论。