Microsoft Windows Internet Explorer SSL缓存漏洞(MS04-038)

漏洞信息详情

Microsoft Windows Internet Explorer SSL缓存漏洞(MS04-038)

• CNNVD编号：CNNVD-200411-028
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0845
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2004-10-12
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Mitja Kolsek

Microsoft Internet Explorer是一款流行的WEB浏览器。
Microsoft Internet Explorer处理验证从SSL保护WEB站点的缓存内容时存在伪造问题，远程攻击者可以利用这个漏洞在安全加强的WEB站点上运行他们选择的脚本。
目前没有详细漏洞细节提供。

厂商补丁：
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS04-038)以及相应补丁:

MS04-038：Cumulative Security Update for Internet Explorer (834707)

链接：http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx

补丁下载：

Internet Explorer 5.01 Service Pack 3 on Windows 2000 SP3

http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8E8E97-4946-4994-924B-1FB1DC1881BA&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8E8E97-4946-4994-924B-1FB1DC1881BA&displaylang=en

Internet Explorer 5.01 Service Pack 4 on Windows 2000 SP4

http://www.microsoft.com/downloads/details.aspx?FamilyId=72DBE239-AF0A-42B5-B88C-A00371F6EC81&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=72DBE239-AF0A-42B5-B88C-A00371F6EC81&displaylang=en

Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me

http://www.microsoft.com/downloads/details.aspx?FamilyId=BE27F77C-3C2D-45F1-86DF-2B71799DA169&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=BE27F77C-3C2D-45F1-86DF-2B71799DA169&displaylang=en

Internet Explorer 6 on Windows XP

http://www.microsoft.com/downloads/details.aspx?FamilyId=A89CFBE8-C299-415D-A9D6-7CC6429C547D&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=A89CFBE8-C299-415D-A9D6-7CC6429C547D&displaylang=en

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, on Microsoft Windows XP, or on Microsoft Windows XP Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=7C1404E6-F5D4-4FED-9573-DD83F2DFF074&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=7C1404E6-F5D4-4FED-9573-DD83F2DFF074&displaylang=en

Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me

http://www.microsoft.com/downloads/details.aspx?FamilyId=DE8D94C4-7F58-4CE7-B8BD-51CFD795B03E&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=DE8D94C4-7F58-4CE7-B8BD-51CFD795B03E&displaylang=en

Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)

http://www.microsoft.com/downloads/details.aspx?FamilyId=C05103E8-4402-4D54-BA03-FBBC24142E4D&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=C05103E8-4402-4D54-BA03-FBBC24142E4D&displaylang=en

Internet Explorer 6 for Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=19E69E5F-9C98-49AD-A61F-4F82A4014412&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=19E69E5F-9C98-49AD-A61F-4F82A4014412&displaylang=en

Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=566C2A05-2513-4E30-A3EA-87D4BF7F9730&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=566C2A05-2513-4E30-A3EA-87D4BF7F9730&displaylang=en

Internet Explorer 6 for Windows XP Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=CF47B515-3F51-43E1-9246-2C2264C49E2E&displaylang=en” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=CF47B515-3F51-43E1-9246-2C2264C49E2E&displaylang=en

来源:US-CERT Technical Alert: TA04-293A
名称: TA04-293A
链接:http://www.us-cert.gov/cas/techalerts/TA04-293A.html

来源:US-CERT Vulnerability Note: VU#795720
名称: VU#795720
链接:http://www.kb.cert.org/vuls/id/795720

来源: XF
名称: ie-cache-ssl-obtain-information(17654)
链接:http://xforce.iss.net/xforce/xfdb/17654

来源: MS
名称: MS04-038
链接:http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx

来源: BUGTRAQ
名称: 20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109770364504803&w=2

来源: XF
名称: ie-ms04038-patch(17651)
链接:http://xforce.iss.net/xforce/xfdb/17651

来源: www.acrossecurity.com
链接:http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt

来源: US Government Resource: oval:org.mitre.oval:def:7611
名称: oval:org.mitre.oval:def:7611
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7611

来源: US Government Resource: oval:org.mitre.oval:def:5740
名称: oval:org.mitre.oval:def:5740
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5740

来源: US Government Resource: oval:org.mitre.oval:def:5520
名称: oval:org.mitre.oval:def:5520
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5520

来源: US Government Resource: oval:org.mitre.oval:def:5150
名称: oval:org.mitre.oval:def:5150
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5150

来源: US Government Resource: oval:org.mitre.oval:def:3872
名称: oval:org.mitre.oval:def:3872
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3872

来源: US Government Resource: oval:org.mitre.oval:def:2219
名称: oval:org.mitre.oval:def:2219
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2219