Microsoft Task Scheduler远程任意代码执行漏洞(MS04-022)

漏洞信息详情

Microsoft Task Scheduler远程任意代码执行漏洞(MS04-022)

• CNNVD编号：CNNVD-200408-018
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2004-0212
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2004-07-13
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2019-05-05
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Brett Moore※ brett…

Microsoft Task Scheduler用于任务调度。Microsoft Task Scheduler在处理应用程序文件名验证时存在问题，远程攻击者可以利用这个漏洞以系统权限在系统上执行任意指令。成功利用此漏洞攻击者可以完全控制整个系统，但是此漏洞需要部分用户交互才能触发。攻击者可以构建恶意WEB页，诱使用户点击来触发此漏洞。

厂商补丁：

Microsoft

———

Microsoft已经为此发布了一个安全公告(MS04-022)以及相应补丁:

MS04-022：Vulnerability in Task Scheduler Could Allow Code Execution (841873)

链接：
http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx” target=”_blank”>

http://www.microsoft.com/technet/security/bulletin/MS04-022.mspx

补丁下载：

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4：

http://www.microsoft.com/downloads/details.aspx?FamilyId=BBF3C8A1-7D72-4CE9-A586-7C837B499C08&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=BBF3C8A1-7D72-4CE9-A586-7C837B499C08&displaylang=en

Microsoft Windows XP and Microsoft Windows XP Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=8E8D0A2D-D3B9-4DE8-8B6F-FC27715BC0CF&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=8E8D0A2D-D3B9-4DE8-8B6F-FC27715BC0CF&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=7B4AC0FA-7954-4993-85A1-85298F122CE0&displaylang=en” target=”_blank”>

http://www.microsoft.com/downloads/details.aspx?FamilyId=7B4AC0FA-7954-4993-85A1-85298F122CE0&displaylang=en

来源:CERT-VN

链接:http://www.kb.cert.org/vuls/id/228028

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/16591

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=108981403025596&w=2

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428

来源:CERT

链接:http://www.us-cert.gov/cas/techalerts/TA04-196A.html

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=108981273009250&w=2

来源:MISC

链接:http://www.ngssoftware.com/advisories/mstaskjob.txt

来源:SECUNIA

链接:http://secunia.com/advisories/12060

来源:MS

链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781