漏洞信息详情
Microsoft压缩文件夹远程任意命令执行漏洞(MS04-034)
- CNNVD编号:CNNVD-200411-011
- 危害等级: 超危
![图片[1]-Microsoft压缩文件夹远程任意命令执行漏洞(MS04-034)-一一网](https://www.proyy.com/skycj/data/images/2021-05-26/c4e67a37c54aee8c0e1983d8333a9158.png)
- CVE编号:
CVE-2004-0575
- 漏洞类型:
边界条件错误
- 发布时间:
2004-10-12
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
microsoft - 漏洞来源:
Yuji Ukai -
漏洞简介
Microsoft Windows包含对ZIP压缩文件夹的支持。
Microsoft Windows处理ZIP压缩文件夹的DUNZIP32.DLL模块存在缓冲区溢出,远程攻击者可以利用这个漏洞以登录用户进程权限在系统上执行任意指令。
当ZIP文件包含一个超长文件名时(超过0x8000字节),在Windows shell中以ZIP压缩文件夹打开时,会触发缓冲区溢出,允许异常处理被覆盖及EIP被劫持。
漏洞公告
厂商补丁:
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS04-034)以及相应补丁:
MS04-034:Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
链接:http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS04-034.mspx
补丁下载:
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=6B70BA00-56D1-4314-8F53-F8355A6861D3” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=6B70BA00-56D1-4314-8F53-F8355A6861D3
Microsoft Windows XP 64-Bit Edition Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=3F6896F3-F055-438D-93CE-CD15F37264CB” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=3F6896F3-F055-438D-93CE-CD15F37264CB
Microsoft Windows XP 64-Bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B63EF24-D0E4-4005-8E23-2F5EC24BE63F” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B63EF24-D0E4-4005-8E23-2F5EC24BE63F
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=0903569E-7F3D-4846-A1DC-78734E77D3A9” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=0903569E-7F3D-4846-A1DC-78734E77D3A9
Microsoft Windows Server 2003 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B63EF24-D0E4-4005-8E23-2F5EC24BE63F” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=4B63EF24-D0E4-4005-8E23-2F5EC24BE63F
参考网址
来源:US-CERT Vulnerability Note: VU#649374
名称: VU#649374
链接:http://www.kb.cert.org/vuls/id/649374
来源: XF
名称: win-ms04034-patch(17659)
链接:http://xforce.iss.net/xforce/xfdb/17659
来源: XF
名称: win-compressed-folders-bo(17624)
链接:http://xforce.iss.net/xforce/xfdb/17624
来源: MS
名称: MS04-034
链接:http://www.microsoft.com/technet/security/bulletin/ms04-034.asp
来源: www.eeye.com
链接:http://www.eeye.com/html/research/advisories/AD20041012A.html
来源: CIAC
名称: P-010
链接:http://www.ciac.org/ciac/bulletins/p-010.shtml
来源: SECTRACK
名称: 1011637
链接:http://securitytracker.com/id?1011637
来源: BUGTRAQ
名称: 20041013 EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=109767342326300&w=2
来源: US Government Resource: oval:org.mitre.oval:def:6397
名称: oval:org.mitre.oval:def:6397
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6397
来源: US Government Resource: oval:org.mitre.oval:def:4276
名称: oval:org.mitre.oval:def:4276
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4276
来源: US Government Resource: oval:org.mitre.oval:def:3913
名称: oval:org.mitre.oval:def:3913
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3913
来源: US Government Resource: oval:org.mitre.oval:def:1053
名称: oval:org.mitre.oval:def:1053
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1053
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
