受影响系统:
Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Vista
Microsoft Server 2008
Microsoft Storage Server 2003
描述:
BUGTRAQ ID: 47741
CVE(CAN) ID: CVE-2011-1991
Microsoft Windows是微软发布的非常流行的操作系统。
Microsoft Windows多个产品在实现上存在不安全库加载漏洞,远程攻击者可利用控制用户系统。
此漏洞源于多个组件以危险方式加载某些库。通过诱使用户打开远程WebDAV或SMB共享上的.txt、.rtf或.doc文件加载任意库。
<*来源:Mitja Kolsek
链接:http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9-and.html
http://blog.acrossecurity.com/2011/05/anatomy-of-com-server-based-binary.html
http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9-and.html
http://www.microsoft.com/technet/security/bulletin/MS11-071.mspx
*>
建议:
厂商补丁:
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS11-071)以及相应补丁:
MS11-071:Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
链接:http://www.microsoft.com/technet/security/bulletin/MS11-071.mspx
0 条评论。