Microsoft Internet Explorer Plugin.OCX Load()类函数缓冲区溢出漏洞

漏洞信息详情

Microsoft Internet Explorer Plugin.OCX Load()类函数缓冲区溢出漏洞

• CNNVD编号：CNNVD-200305-042
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-0233
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2003-05-12
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-31
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  The vendor credits…

Internet Explorer 5.01，5.5和6.0版本的plugin.ocx存在基于堆的缓冲区溢出漏洞。远程攻击者可以借助 Load()类函数执行任意代码，该漏洞不同于CVE-2003-0115。

Microsoft has released a cumulative patch to address these issues.
Microsoft Internet Explorer 6.0 SP1

• Microsoft Q813489Information regarding downloading and installing cumulative patch Q813489.exe.
  
  http://www.microsoft.com/windows/ie/downloads/critical/813489/default.
  asp

Microsoft Internet Explorer 5.5 SP2

• Microsoft Q813489Information regarding downloading and installing cumulative patch Q813489.exe.
  
  http://www.microsoft.com/windows/ie/downloads/critical/813489/default.
  asp

Microsoft Internet Explorer 6.0

• Microsoft Q813489Information regarding downloading and installing cumulative patch Q813489.exe.
  
  http://www.microsoft.com/windows/ie/downloads/critical/813489/default.
  asp

Microsoft Internet Explorer 5.0.1 SP3

• Microsoft Q813489Information regarding downloading and installing cumulative patch Q813489.exe.
  
  http://www.microsoft.com/windows/ie/downloads/critical/813489/default.
  asp

来源: MS
名称: MS03-015
链接:http://www.microsoft.com/technet/security/bulletin/ms03-015.asp

来源: BUGTRAQ
名称: 20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105120164927952&w=2

来源: XF
名称: ie-plugin-load-bo(11854)
链接:http://www.iss.net/security_center/static/11854.php

来源: US Government Resource: oval:org.mitre.oval:def:1094
名称: oval:org.mitre.oval:def:1094
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1094