Multiple security vulnerabilities in the Microsoft Active Template Library

Cause of vulnerability
Design error
 
Affected systems
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Outlook Express 5.5
Microsoft Outlook Express 6
Microsoft Windows Media Player 10.x
Microsoft Windows Media Player 11.x
Microsoft Windows Media Player 9.x
 
Unaffected systems
 
Impact
A remote attacker can exploit these vulnerabilities to execute arbitrary code in the security context of the application.
 
Conditions required for attack
The attacker must construct a malicious web page and entice the user to open it.
 
Vulnerability information
The Microsoft Active Template Library (ATL) is a Microsoft program library that supports writing ASP code and other ActiveX programs in C++.
The Microsoft Active Template Library contains multiple vulnerabilities; a remote attacker can exploit them to execute arbitrary code in the security context of the application.
- The Microsoft ATL (Active Template Library) "CComVariant::ReadFromStream()" function used in the ATL headers contains an error: data read from a stream is copied directly onto the stack, causing a buffer overflow.
- The Load method of the Microsoft ATL IPersistStreamInit interface contains a boundary error that can lead to a buffer overflow.
- An error in the Microsoft ATL headers can cause VariantClear() to be called on an improperly initialised variant.
- When handling object instances from a data stream, an error in the Microsoft ATL headers can allow kill-bit security policies such as Internet Explorer's to be bypassed.
- The Microsoft ATL headers lack sufficient validation of variants read from a stream, which can cause incorrect memory release when the variant is deleted and trigger memory corruption. An attacker can construct a malicious web page and entice a user to open it to trigger this.
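As an added illustration (not code from this advisory or from Microsoft's ATL), the following C model shows the defensive pattern the first, third and fifth items above call for when a variant is deserialised from an untrusted stream: the stream-supplied length is validated against the stream end and a cap before any byte is copied, the variant is zero-initialised before any path that may clear it, and only memory the reader itself allocated is freed. The record layout, type tags, sizes and sample records are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Simplified variant record, constructed for this example; NOT the real
   VARIANT/ATL layout or Microsoft's code. */
enum { VT_MODEL_I4 = 3, VT_MODEL_BSTR = 8, MAX_STR_LEN = 4096 };
typedef struct { uint16_t vt; int32_t i4; char *str; } model_variant; /* str is heap-owned only when vt == VT_MODEL_BSTR */
/* Initialise before any path that may clear: clearing an uninitialised variant frees whatever garbage the pointer field holds. */
static void model_variant_init(model_variant *v) { memset(v, 0, sizeof *v); }
static void model_variant_clear(model_variant *v) {
    if (v->vt == VT_MODEL_BSTR) free(v->str);   /* free only what this reader allocated */
    model_variant_init(v);
}
static uint32_t le32(const uint8_t *p) {          /* portable little-endian decode */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Stream layout (constructed): u16 LE type tag | u32 LE payload length | payload. Returns 0 on success,
   -1 on a malformed record; the stream-supplied length is checked against the stream end and a cap first. */
static int read_model_variant(const uint8_t *buf, size_t len, model_variant *out) {
    model_variant_init(out);
    if (len < 6) return -1;
    uint16_t vt = (uint16_t)(buf[0] | buf[1] << 8);
    uint32_t cb = le32(buf + 2);
    if (cb > len - 6) return -1;                  /* declared length exceeds the stream */
    const uint8_t *payload = buf + 6;
    switch (vt) {
    case VT_MODEL_I4:
        if (cb != 4) return -1;                   /* fixed-size type: length must match exactly */
        out->i4 = (int32_t)le32(payload); break;
    case VT_MODEL_BSTR:
        if (cb > MAX_STR_LEN) return -1;          /* bound the allocation the stream asks for */
        if (!(out->str = malloc(cb + 1))) return -1;
        memcpy(out->str, payload, cb); out->str[cb] = '\0'; break;
    default: return -1;                           /* unknown tag: refuse rather than guess */
    }
    out->vt = vt; return 0;
}
/* Feeds constructed records to the reader; returns the number of checks passed (3). */
static int self_check(void) {
    int ok = 0; model_variant v;
    const uint8_t good_i4[]  = {3,0, 4,0,0,0, 42,0,0,0};
    const uint8_t good_str[] = {8,0, 2,0,0,0, 'h','i'};
    const uint8_t bad_len[]  = {8,0, 0xff,0xff,0xff,0xff, 'x'};   /* claims 4 GiB in a 7-byte stream */
    if (read_model_variant(good_i4, sizeof good_i4, &v) == 0 && v.i4 == 42) ok++;
    if (read_model_variant(good_str, sizeof good_str, &v) == 0 && strcmp(v.str, "hi") == 0) ok++;
    model_variant_clear(&v);                      /* safe: v was initialised by the reader */
    if (read_model_variant(bad_len, sizeof bad_len, &v) == -1 && v.str == NULL) ok++;
    return ok;
}
```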
 
Test method
 
Vendor solution
Users can refer to the following patch information:
Microsoft Windows ATL Component 0
Microsoft Security Update for Windows 2000 (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=c773149a-f4fc-486a-b718-6b8ff7a36ae2
Microsoft Security Update for Windows Server 2003 (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=7d9369b5-0c54-4c17-bc62-fba0a7b4728c
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=ad1791b3-8553-4433-a9f7-8b4f857665be
Microsoft Security Update for Windows Server 2003 x64 Edition (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=90e0e014-ed7e-498a-9f61-18bb09a384b3
Microsoft Security Update for Windows Server 2008 (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=ba423491-6c29-49f2-811b-ac3f9bbc58fc
Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=e5612bb4-5f37-4b38-bd2e-f198c413371c
Microsoft Security Update for Windows Server 2008 x64 Edition (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=b9311953-889a-415f-a396-250a005e95cd
Microsoft Security Update for Windows Vista (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=80de158d-157e-4c21-9154-c1dbd6e57cb3
Microsoft Security Update for Windows Vista for x64-based Systems (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=82940d30-6a30-47ca-b184-2ac96e35c294
Microsoft Security Update for Windows XP (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=4b4c6fc5-e8e6-4d89-a181-e231240468f9
Microsoft Security Update for Windows XP x64 Edition (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=2f2b93fc-f977-4f23-af90-c27f744fad0a
Microsoft Windows Media Player 9.0
Microsoft Security Update for Windows Media Player 9 for Windows 2000 (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=bd7c9fc4-61cb-4c23-9961-6d63f234731c
Microsoft Security Update for Windows XP Service Pack 2 (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=34b2b14d-5811-4635-ba83-f837dcb03d04
Microsoft Security Update for Windows XP Service Pack 3 (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=ec84c98b-6bc7-442f-9280-d6e204280b2f
Microsoft MSWebDVD ActiveX Control 0
Microsoft Security Update for Windows Server 2003 (KB973815)
http://www.microsoft.com/downloads/details.aspx?familyid=301ad191-8d3f-41d3-b41c-e2e863893f73
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB973815)
http://www.microsoft.com/downloads/details.aspx?familyid=5b8a8958-c3cd-4b24-85a2-1baacf92d218
Microsoft Security Update for Windows Server 2003 x64 Edition (KB973815)
http://www.microsoft.com/downloads/details.aspx?familyid=2ae71a65-5eee-4dd2-bc79-b7c5a73022bc
Microsoft Security Update for Windows XP (KB973815)
http://www.microsoft.com/downloads/details.aspx?familyid=8b71bcc9-5146-4afc-8847-0af21d7fad36
Microsoft Security Update for Windows XP x64 Edition (KB973815)
http://www.microsoft.com/downloads/details.aspx?familyid=85b2dcdb-cea9-4c4a-8ebd-50264e781ade
Microsoft Windows Media Player 10.0
Microsoft Security Update for Windows Server 2003 (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=ab054890-983b-4414-ad0a-da1b2d2a4895
Microsoft Security Update for Windows Server 2003 x64 Edition (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=5890233a-d8f7-490c-8bf5-3ed4bd1c6991
Microsoft Security Update for Windows XP x64 Edition (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=bb98187a-8db9-47e4-88ac-15544c5268f6
Microsoft Windows Media Player 11
Microsoft Security Update for Windows Media Player 11 for Windows XP X64 Edition (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=9e8b9027-4407-4c31-a2ba-9e094557d467
Microsoft Security Update for Windows Server 2008 (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=85d9e69f-99a2-467f-bf37-4b47466a12d4
Microsoft Security Update for Windows Server 2008 x64 Edition (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=9501c8c2-a526-4661-8cba-7847bace1aa0
Microsoft Security Update for Windows Vista (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=3766aed9-93f5-478e-a5bf-b7ee0b577088
Microsoft Security Update for Windows Vista for x64-based Systems (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=64edbd64-9faa-4f54-b0d5-836c683ca7cd
Microsoft Security Update for Windows XP Service Pack 2 (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=34b2b14d-5811-4635-ba83-f837dcb03d04
Microsoft Security Update for Windows XP Service Pack 3 (KB973540)
http://www.microsoft.com/downloads/details.aspx?familyid=ec84c98b-6bc7-442f-9280-d6e204280b2f
Microsoft Outlook Express 6.0
Microsoft Security Update for Windows Server 2003 (KB973354)
http://www.microsoft.com/downloads/details.aspx?familyid=3119ab1e-6729-40a1-b28f-0dab50502be6
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB973354)
http://www.microsoft.com/downloads/details.aspx?familyid=7978b921-c5b5-461f-a284-b9848f568aa9
Microsoft Security Update for Windows Server 2003 x64 Edition (KB973354)
http://www.microsoft.com/downloads/details.aspx?familyid=17bd00e3-810c-4a72-bd13-1b55ffb52a5e
Microsoft Security Update for Windows XP (KB973354)
http://www.microsoft.com/downloads/details.aspx?familyid=c67b5506-00ea-47cc-a0e8-897057b7380c
Microsoft Security Update for Windows XP x64 Edition (KB973354)
http://www.microsoft.com/downloads/details.aspx?familyid=ede1a73a-e303-435e-a2c7-0281ce2370da
 
Vulnerability reporter
Ryan Smith of VeriSign iDefense Labs
