Microsoft Internet Explorer级联样式表文件泄露漏洞

漏洞信息详情

Microsoft Internet Explorer级联样式表文件泄露漏洞

• CNNVD编号：CNNVD-200205-080
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-0191
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-05-29
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  .’);”>Discovery of this …

Microsoft Internet Explorer 5.01，5.5和6.0版本存在漏洞。远程攻击者借助包含stylesheet对象cssText属性的脚本浏览含有“{”字符的任意文件，也称为“Local Information Disclosure through HTML Object”漏洞。

Microsoft has released patches. However, it has been reported that these patches do not address the issue completely and it is still possible to exploit this vulnerability under some circumstances.
Microsoft Internet Explorer 6 Service Pack 1 is reported to eliminate the possibility that a redirect may be used to exploit this issue.
Please note that the appropriate service pack must be installed in order to apply the patch:
Microsoft Internet Explorer 5.0.1 SP2

• Microsoft q321232Windows NT and Windows 2000
  
  http://download.microsoft.com/download/ie501sp2/secpac27/5.01_sp2/NT45
  /EN-US/q321232.exe

Microsoft Internet Explorer 5.5 SP1

• Microsoft q321232
  
  http://download.microsoft.com/download/ie55sp1/secpac27/5.5_sp1/W98NT4
  2KMe/EN-US/q321232.exe

Microsoft Internet Explorer 5.5 SP2

• Microsoft q321232
  
  http://download.microsoft.com/download/ie55sp2/secpac27/5.5_sp2/W98NT4
  2KMe/EN-US/q321232.exe

Microsoft Internet Explorer 6.0

• Microsoft ie6sp1
  
  http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.
  asp

来源: MS
名称: MS02-023
链接:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

来源: XF
名称: ie-css-read-files (8740)
链接:http://www.iss.net/security_center/static/8740.php

来源: BID
名称: 4411
链接:http://www.securityfocus.com/bid/4411

来源: BUGTRAQ
名称: 20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101778302030981&w=2