Microsoft Windows Movie Maker远程缓冲区溢出漏洞

漏洞起因
边界条件错误
危险等级

 
影响系统
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Professional x64 Edition SP3
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional SP3
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Home SP3
Microsoft Windows XP Embedded SP3
Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Vista x64 Edition SP1
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Business 64-bit edition SP2
Microsoft Windows Vista Business 64-bit edition SP1
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista SP2
Microsoft Windows Vista SP1
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Business SP2
Microsoft Windows Vista Business SP1
Microsoft Windows Movie Maker 2.1.4027.0
Microsoft Movie Maker 6.0
Microsoft Movie Maker 2.6
Microsoft Movie Maker 2.1
 
不受影响系统
 
危害
远程攻击者可以利用漏洞以应用程序安全上下文执行任意代码。
 
攻击所需条件
攻击者必须构建恶意项目文件,诱使用户访问。
 
漏洞信息
Microsoft Windows Movie Maker是一款简易非线性编辑软件。可以制作、编辑及分享家庭影片,并新增特殊效果、音乐及旁白,然后通过网络、电子邮件或CD分享您制作的电影
Microsoft Windows Movie Maker解析导入项目文件(.MSWMM)中的字符串时存在边界错误,可导致缓冲区溢出。
成功利用漏洞可以以应用程序安全上下文执行任意代码。
 
测试方法
 
厂商解决方案
用户可参考如下供应商提供的安全补丁:
Microsoft Movie Maker 6.0
Microsoft Security Update for Windows Vista for x64-based Systems (KB981997)
http://www.microsoft.com/downloads/details.aspx?familyid=4BAFF9AE-DD25 -4942-B45E-F281D0E1F4AC
Microsoft Security Update for Windows Vista (KB981997)
http://www.microsoft.com/downloads/details.aspx?familyid=8ADED9DD-08D6 -4B19-955F-0D8414868CF9
Microsoft Movie Maker 2.1
Microsoft Security Update for Windows XP (KB981997)
http://www.microsoft.com/downloads/details.aspx?familyid=B211664B-434D -4626-816F-C77510CFD44D
Microsoft Security Update for Windows XP x64 Edition (KB981997)
http://www.microsoft.com/downloads/details.aspx?familyid=DECB1FE6-ADC8 -44F7-89C5-F25767F0CEFE
Microsoft Movie Maker 2.6
Microsoft Security Update for Movie Maker 2.6 for Windows Vista for x64-based Systems (KB981997)
http://www.microsoft.com/downloads/details.aspx?familyid=0A226592-8F98 -4F67-AC60-1D00CBC56598
Microsoft Security Update for Movie Maker 2.6 for Windows Vista (KB981997)
http://www.microsoft.com/downloads/details.aspx?familyid=A1D8ED0D-A3B5 -416A-AB8B-77501DA62132
 
漏洞提供者
Dyon Balding of Secunia

发表评论?

0 条评论。

发表评论