漏洞信息详情
Microsoft mshtml.dll库GIF图象处理远程拒绝服务漏洞(MS04-025)
- CNNVD编号:CNNVD-200407-071
- 危害等级: 超危
![图片[1]-Microsoft mshtml.dll库GIF图象处理远程拒绝服务漏洞(MS04-025)-一一网](https://www.proyy.com/skycj/data/images/2021-05-17/c4e67a37c54aee8c0e1983d8333a9158.png)
- CVE编号:
CVE-2003-1048
- 漏洞类型:
缓冲区溢出
- 发布时间:
2003-09-02
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
microsoft - 漏洞来源:
Marc Ruef※ marc.ru… -
漏洞简介
Microsoft MSHTML.DLL是一个用于解析HTML语言的动态链接库,IE、Outlook、Outlook Express等应用程序都使用了该动态链接库。
MSHTML.DLL在处理畸形GIF图象时,未能正确处理非法头字段信息,远程攻击者可以利用这个漏洞构建包含恶意GIF图象的HTML页面,诱使用户访问,可导致IE或者OUTLOOK崩溃。
目前没有详细漏洞细节提供。
漏洞公告
厂商补丁:
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS04-025)以及相应补丁:
MS04-025:Cumulative Security Update for Internet Explorer (867801)
链接:http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx
补丁下载:
Internet Explorer 5.01 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=507E71EF-076B-43C4-8028-E91FCFAB252B&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=507E71EF-076B-43C4-8028-E91FCFAB252B&displaylang=en
Internet Explorer 5.01 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AA6F31D-7350-43F8-B72E-ED9D62577A60&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AA6F31D-7350-43F8-B72E-ED9D62577A60&displaylang=en
Internet Explorer 5.01 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=862E6914-821A-4C51-985B-C3958FAD3D4C&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=862E6914-821A-4C51-985B-C3958FAD3D4C&displaylang=en
Internet Explorer 5.5 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=E458480C-93F6-454A-A663-FC187C18CD9B&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=E458480C-93F6-454A-A663-FC187C18CD9B&displaylang=en
Internet Explorer 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2F8A40-1B88-4F93-98B1-1619DCFD7273&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2F8A40-1B88-4F93-98B1-1619DCFD7273&displaylang=en
Internet Explorer 6 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=06F49985-F19F-4B50-A75F-7636D8BEE576&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=06F49985-F19F-4B50-A75F-7636D8BEE576&displaylang=en
Internet Explorer 6 Service Pack 1 (64-Bit Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCDA580D-9E3B-4B44-BD65-C8D37A0DD62D&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCDA580D-9E3B-4B44-BD65-C8D37A0DD62D&displaylang=en
Internet Explorer 6 for Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=D86262D9-C66A-4608-8DBE-2492B4AFBC3B&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=D86262D9-C66A-4608-8DBE-2492B4AFBC3B&displaylang=en
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1AA8F5A9-71D3-48F7-BB32-F8A4D36C5FB9&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=1AA8F5A9-71D3-48F7-BB32-F8A4D36C5FB9&displaylang=en
参考网址
来源:US-CERT Technical Alert: TA04-212A
名称: TA04-212A
链接:http://www.us-cert.gov/cas/techalerts/TA04-212A.html
来源:US-CERT Vulnerability Note: VU#685364
名称: VU#685364
链接:http://www.kb.cert.org/vuls/id/685364
来源: XF
名称: ie-mshtml-gif-bo(16804)
链接:http://xforce.iss.net/xforce/xfdb/16804
来源: BID
名称: 8530
链接:http://www.securityfocus.com/bid/8530
来源: MS
名称: MS04-025
链接:http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx
来源: CIAC
名称: O-191
链接:http://www.ciac.org/ciac/bulletins/o-191.shtml
来源: FULLDISC
名称: 20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html
来源: FULLDISC
名称: 20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html
来源: FULLDISC
名称: 20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html
来源: US Government Resource: oval:org.mitre.oval:def:517
名称: oval:org.mitre.oval:def:517
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:517
来源: US Government Resource: oval:org.mitre.oval:def:509
名称: oval:org.mitre.oval:def:509
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:509
来源: US Government Resource: oval:org.mitre.oval:def:236
名称: oval:org.mitre.oval:def:236
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:236
来源: US Government Resource: oval:org.mitre.oval:def:212
名称: oval:org.mitre.oval:def:212
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:212
来源: US Government Resource: oval:org.mitre.oval:def:2100
名称: oval:org.mitre.oval:def:2100
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2100
来源: US Government Resource: oval:org.mitre.oval:def:206
名称: oval:org.mitre.oval:def:206
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:206
来源: US Government Resource: oval:org.mitre.oval:def:1793
名称: oval:org.mitre.oval:def:1793
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1793
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
