Microsoft Internet Explorer HTML文档指令缓冲区溢出漏洞

漏洞信息详情

Microsoft Internet Explorer HTML文档指令缓冲区溢出漏洞

• CNNVD编号：CNNVD-200203-011
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-0022
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2002-03-08
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by the …

Internet Explorer 5.5和6.0版本的mshtml.dll的HTML指令实现存在缓冲区溢出漏洞。远程攻击者借助web页执行任意代码，该漏洞以一种导致2字符编码标准的字符串连接的方式指定嵌入式控制项。

Microsoft has released a patch which addresses this issue:
Microsoft Internet Explorer 5.5 SP2

• Microsoft q316059_IE 5.5SP2
  
  http://download.microsoft.com/download/ie55sp2/secpac25/5.5_sp2/WIN98M
  e/EN-US/q316059.exe

Microsoft Internet Explorer 5.5 SP1

• Microsoft q316059_IE 5.5SP1
  
  http://download.microsoft.com/download/ie55sp1/secpac25/5.5_sp1/WIN98M
  e/EN-US/q316059.exe

Microsoft Internet Explorer 6.0

• Microsoft q316059_IE6
  
  http://download.microsoft.com/download/IE60/secpac25/6/W98NT42KMeXP/EN
  -US/q316059.exe

来源:CERT/CC Advisory: CA-2002-04
名称: CA-2002-04
链接:http://www.cert.org/advisories/CA-2002-04.html

来源: MS
名称: MS02-005
链接:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

来源: XF
名称: ie-html-directive-bo(8116)
链接:http://www.iss.net/security_center/static/8116.php

来源: BUGTRAQ
名称: 20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101362984930597&w=2

来源: BID
名称: 4080
链接:http://www.securityfocus.com/bid/4080

来源: BUGTRAQ
名称: 20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)
链接:http://online.securityfocus.com/archive/1/258614

来源: US Government Resource: oval:org.mitre.oval:def:925
名称: oval:org.mitre.oval:def:925
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:925