Microsoft DHTML编辑组件远程缓冲区溢出漏洞(MS05-013)

漏洞信息详情

Microsoft DHTML编辑组件远程缓冲区溢出漏洞(MS05-013)

• CNNVD编号：CNNVD-200412-065
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1319
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-12-15
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Microsoft Security…

DHTML编辑组件ActiveX控件为动态WEB站点提供HTML编辑功能。
Microsoft DHTML编辑组件ActiveX控件存在一个跨域漏洞，远程攻击者可以利用这个漏洞获得目标用户敏感信息或在目标系统上执行任意代码。
攻击者可以构建一个恶意WEB链接，诱使用户点击，可以以用户进程权限在系统上执行任意代码。目前没有详细漏洞细节提供。

厂商补丁：
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS05-013)以及相应补丁:

MS05-013：Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)

链接：http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx

补丁下载：

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=AEA07CBA-0E2B-4A22-91ED-1D23BB012C04” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=AEA07CBA-0E2B-4A22-91ED-1D23BB012C04

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=9490E7D2-03C2-463A-B3D0-B949F5295208” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=9490E7D2-03C2-463A-B3D0-B949F5295208

Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)

http://www.microsoft.com/downloads/details.aspx?FamilyId=9E0247B8-240E-416C-9586-ACD5EF8578DE” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=9E0247B8-240E-416C-9586-ACD5EF8578DE

Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=E99F5BDD-8EA8-4837-960E-0D20DEA9AC4D” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=E99F5BDD-8EA8-4837-960E-0D20DEA9AC4D

Microsoft Windows Server 2003 for Itanium-based Systems

http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730” target=”_blank”>
http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730

来源:US-CERT Technical Alert: TA05-039A
名称: TA05-039A
链接:http://www.us-cert.gov/cas/techalerts/TA05-039A.html

来源:US-CERT Vulnerability Note: VU#356600
名称: VU#356600
链接:http://www.kb.cert.org/vuls/id/356600

来源: XF
名称: ie-dhtml-xss(18504)
链接:http://xforce.iss.net/xforce/xfdb/18504

来源: BID
名称: 11950
链接:http://www.securityfocus.com/bid/11950

来源: MS
名称: MS05-013
链接:http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx

来源: SECUNIA
名称: 13482
链接:http://secunia.com/advisories/13482/

来源: BUGTRAQ
名称: 20041215 MSIE DHTML Edit Control Cross Site Scripting Vulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html

来源: US Government Resource: oval:org.mitre.oval:def:4758
名称: oval:org.mitre.oval:def:4758
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4758

来源: US Government Resource: oval:org.mitre.oval:def:3851
名称: oval:org.mitre.oval:def:3851
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3851

来源: US Government Resource: oval:org.mitre.oval:def:3464
名称: oval:org.mitre.oval:def:3464
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3464

来源: US Government Resource: oval:org.mitre.oval:def:1701
名称: oval:org.mitre.oval:def:1701
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1701

来源: US Government Resource: oval:org.mitre.oval:def:1114
名称: oval:org.mitre.oval:def:1114
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1114