Microsoft Authenticode校验远程任意代码执行漏洞(MS03-041)

漏洞信息详情

Microsoft Authenticode校验远程任意代码执行漏洞(MS03-041)

• CNNVD编号：CNNVD-200311-077
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-0660
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2003-10-15
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2019-05-05
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Microsoft Security…

Microsoft Authenticode是一款允许用户验证ActiveX控件的技术。Microsoft Authenticode存在访问验证问题，可允许ActiveX控件在没有任何提示的情况下下载和安装。要利用这个漏洞，攻击者必须构建恶意页面，诱使用户访问，并使ActiveX控件在用户系统上安装和执行。另外，攻击者可以建立特殊的HTML邮件发送给用户，当用户浏览邮件时，未授权的ActiveX控件可在用户系统上安装和执行。Authenticode存在的漏洞可使上述两个情况中以用户权限没有任何提示情况下安装恶意控件，导致系统被控制。

厂商补丁：

Microsoft

———

Microsoft已经为此发布了一个安全公告(MS03-041)以及相应补丁:

MS03-041：Vulnerability in Authenticode Could Allow Remote code Execution (823182)

链接：
http://www.microsoft.com/technet/security/bulletin/MS03-041.asp” target=”_blank”>

http://www.microsoft.com/technet/security/bulletin/MS03-041.asp

补丁下载：

Microsoft Windows NT Workstation 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=921466F5-BC40-4E8E-BB57-6B81B57C21B6&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=921466F5-BC40-4E8E-BB57-6B81B57C21B6&displaylang=en

Microsoft Windows NT Server 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=21F64FF0-9175-42BE-A8E4-BDC59A98BDF2&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=21F64FF0-9175-42BE-A8E4-BDC59A98BDF2&displaylang=en

Microsoft Windows NT Server 4.0, Terminal Server Edition , Service Pack 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=C6688576-4682-4A30-BBD7-1817F2944890&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=C6688576-4682-4A30-BBD7-1817F2944890&displaylang=en

Microsoft Windows 2000, Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=C862E049-58B2-4486-8D98-23183D7EE17D&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=C862E049-58B2-4486-8D98-23183D7EE17D&displaylang=en

Microsoft Windows 2000, Service Pack 3, Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=90D27AEC-7D2A-45FD-B85A-E98E574338F1&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=90D27AEC-7D2A-45FD-B85A-E98E574338F1&displaylang=en

Microsoft Windows XP Gold, Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=6CDF5303-D767-4D68-9BA7-055E93E87847&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=6CDF5303-D767-4D68-9BA7-055E93E87847&displaylang=en

Microsoft Windows XP 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=D92EF2E8-C03A-43C0-B428-D76C4B669151&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=D92EF2E8-C03A-43C0-B428-D76C4B669151&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=135D8C00-7B4B-4C21-8EAA-D58814635E0D&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=135D8C00-7B4B-4C21-8EAA-D58814635E0D&displaylang=en

Microsoft Windows Server 2003 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A185

来源:MS

链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-041

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/13422

来源:CERT-VN

链接:http://www.kb.cert.org/vuls/id/838572

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A198

来源:CERT

链接:http://www.cert.org/advisories/CA-2003-27.html

来源:BID

链接:http://www.securityfocus.com/bid/8830