漏洞信息详情
Windows Help和Support Center远程缓冲区溢出漏洞(MS03-044)
- CNNVD编号:CNNVD-200311-034
- 危害等级: 高危
![图片[1]-Windows Help和Support Center远程缓冲区溢出漏洞(MS03-044)-一一网](https://www.proyy.com/skycj/data/images/2021-05-26/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2003-0711
- 漏洞类型:
边界条件错误
- 发布时间:
2003-10-15
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
microsoft - 漏洞来源:
Microsoft Security… -
漏洞简介
帮助和支持中心可以提供用户集中化服务和帮助,如提供产品文档,判断硬件兼容性帮助,访问Windows更新,Microsoft在线帮助等。用户和程序可以通过使用\”hcp://\”前缀执行URI链接来访问帮助和支持中心。
帮助和支持中心在处理HCP协议时缺少正确的缓冲区边界检查,远程攻击者可以利用这个漏洞构建恶意URL,诱使用户访问,可能以用户进程权限在系统上执行任意指令。
问题是由于HCP协议关联的一个文件包含一个未充分检查的缓冲区,攻击者可以通过构建恶意恶意URL来利用此漏洞,当用户点击时,就可以导致以用户进程权限在系统上执行任意代码。URL可以以WEB页面为宿主,也可以通过EMAIL发送来触发。
漏洞公告
临时解决方法:
如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 取消HCP协议的注册:
删除如下注册表键值可取消HCP协议的注册:
HKEY_CLASSES_ROOT\HCP
厂商补丁:
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS03-044)以及相应补丁:
MS03-044:Buffer Overflow in Windows Help and Support Center Could lead to System Compromise (825119)
链接:http://www.microsoft.com/technet/security/bulletin/MS03-044.asp” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS03-044.asp
补丁下载:
Microsoft Windows Millennium Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D6F4228-0E31-4F46-9795-5CDD566BB3B8&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D6F4228-0E31-4F46-9795-5CDD566BB3B8&displaylang=en
Microsoft Windows NT Workstation 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=88BCDC9A-E370-47D8-B818-4E659C7F95AE&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=88BCDC9A-E370-47D8-B818-4E659C7F95AE&displaylang=en
Microsoft Windows NT Server 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=735602AC-BA6E-40D4-8A20-3441F02A25CB&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=735602AC-BA6E-40D4-8A20-3441F02A25CB&displaylang=en
Microsoft Windows NT Server 4.0, Terminal Server Edition , Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=5C16FFAB-9CE7-4444-9AA5-BC6ABE3FD479&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=5C16FFAB-9CE7-4444-9AA5-BC6ABE3FD479&displaylang=en
Microsoft Windows 2000, Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=62B23A0C-67F0-4F11-A95E-E4FB080A63C6&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=62B23A0C-67F0-4F11-A95E-E4FB080A63C6&displaylang=en
Microsoft Windows 2000, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=C2AB63FD-35CA-4D33-9F8C-8BF5DE2D1117&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=C2AB63FD-35CA-4D33-9F8C-8BF5DE2D1117&displaylang=en
Microsoft Windows XP Gold, Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=84317458-0BEB-4B2C-A095-66CA09DFDAC6&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=84317458-0BEB-4B2C-A095-66CA09DFDAC6&displaylang=en
Microsoft Windows XP 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=97F4868A-5E41-4657-B9FC-7EA13954B982&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=97F4868A-5E41-4657-B9FC-7EA13954B982&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=40F25862-A815-4674-9175-E3640E3EFD49&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=40F25862-A815-4674-9175-E3640E3EFD49&displaylang=en
Microsoft Windows Server 2003 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en
参考网址
来源:US-CERT Vulnerability Note: VU#467036
名称: VU#467036
链接:http://www.kb.cert.org/vuls/id/467036
来源:CERT/CC Advisory: CA-2003-27
名称: CA-2003-27
链接:http://www.cert.org/advisories/CA-2003-27.html
来源: BID
名称: 8828
链接:http://www.securityfocus.com/bid/8828
来源: MS
名称: MS03-044
链接:http://www.microsoft.com/technet/security/bulletin/ms03-044.asp
来源: BUGTRAQ
名称: 20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106631908105696&w=2
来源: www.ngssoftware.com
链接:http://www.ngssoftware.com/advisories/ms-pchealth.txt
来源: NTBUGTRAQ
名称: 20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=106632194809632&w=2
来源: US Government Resource: oval:org.mitre.oval:def:4706
名称: oval:org.mitre.oval:def:4706
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4706
来源: US Government Resource: oval:org.mitre.oval:def:3889
名称: oval:org.mitre.oval:def:3889
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3889
来源: US Government Resource: oval:org.mitre.oval:def:3685
名称: oval:org.mitre.oval:def:3685
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3685
来源: US Government Resource: oval:org.mitre.oval:def:217
名称: oval:org.mitre.oval:def:217
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:217
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
