Microsoft Windows Script Host GetObject()文件泄露漏洞

漏洞信息详情

Microsoft Windows Script Host GetObject()文件泄露漏洞

• CNNVD编号：CNNVD-200106-003
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-0149
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2001-06-02
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-04
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Posted to Bugtraq …

Windows Scripting Host in Internet Explorer 5.5及其之前版本存在漏洞。远程攻击者借助GetObject Javascript函数和htmlfile ActiveX 对象读取任意文件。

Microsoft has released a patch which rectifies this issue:
Microsoft Windows Scripting Host 5.1

• Microsoft scriptenWindows 2000
  
  http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.
  exe
• Microsoft ste51enWindows 95, 98, NT 4.0
  
  http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe

Microsoft Windows Scripting Host 5.5

• Microsoft scr55enWindows 95, 98, NT 4.0
  
  http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
• Microsoft scripten.exe
  
  http://www.microsoft.com/scripting/downloads/v55/windows2000/scripten.
  exe

来源: MS
名称: MS01-015
链接:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp

来源: NTBUGTRAQ
名称: 20000926 IE 5.5/Outlook Express security vulnerability – GetObject() expose user’s files
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96999020527583&w=2

来源: BUGTRAQ
名称: 20000926 IE 5.5/Outlook Express security vulnerability – GetObject() expose user’s files
链接:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html

来源: XF
名称: ie-getobject-expose-files(5293)
链接:http://xforce.iss.net/xforce/xfdb/5293

来源: BID
名称: 1718
链接:http://www.securityfocus.com/bid/1718