漏洞信息详情
Microsoft Internet验证对象类型漏洞
- CNNVD编号:CNNVD-200308-151
- 危害等级: 高危
![图片[1]-Microsoft Internet验证对象类型漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-16/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2003-0532
- 漏洞类型:
输入验证
- 发布时间:
2003-08-27
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
microsoft - 漏洞来源:
Discovery is credi… -
漏洞简介
Internet Explorer 5.01 SP3至6.0 SP1版本不能正确判断web服务器返回的对象类型。远程攻击者可以借助服务器主机上的带有data参数的恶意文件的对象标签执行任意代码,该恶意文件返回不安全Content-Type,也称为 \”Object Type\”漏洞。
漏洞公告
Microsoft has released fixes. It should be noted that some reports indicate that the supplied fix for Internet Explorer 5.01 does not correctly address this issue. This information has not been confirmed by Symantec.
Fixes:
Microsoft Internet Explorer 5.0.1 SP3
-
Microsoft Cumulative Patch for Internet Explorer (822925)For all versions of Internet Explorer except Internet Explorer for Windows 2003.
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.
asp
Microsoft Internet Explorer 5.5 SP2
-
Microsoft Cumulative Patch for Internet Explorer (822925)For all versions of Internet Explorer except Internet Explorer for Windows 2003.
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.
asp
Microsoft Internet Explorer 6.0 SP1
-
Microsoft Cumulative Patch for Internet Explorer (822925)For all versions of Internet Explorer except Internet Explorer for Windows 2003.
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.
asp -
Microsoft Cumulative Patch for Internet Explorer (822925)For Internet Explorer 6.0 for Windows Server 2003.
http://www.microsoft.com/windows/ie/downloads/critical/822925s/default
.asp
Microsoft Internet Explorer 6.0
-
Microsoft Cumulative Patch for Internet Explorer (822925)For all versions of Internet Explorer except Internet Explorer for Windows 2003.
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.
asp
参考网址
来源:US-CERT Vulnerability Note: VU#865940
名称: VU#865940
链接:http://www.kb.cert.org/vuls/id/865940
来源: MS
名称: MS03-032
链接:http://www.microsoft.com/technet/security/bulletin/ms03-032.asp
来源: www.eeye.com
链接:http://www.eeye.com/html/Research/Advisories/AD20030820.html
来源: BUGTRAQ
名称: 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106149026621753&w=2
来源: VULNWATCH
名称: 20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
