Microsoft Windows XP自执行文件夹漏洞

漏洞信息详情

Microsoft Windows XP自执行文件夹漏洞

• CNNVD编号：CNNVD-200412-186
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2004-2289
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovery is credi…

Microsoft Windows XP Explorer存在漏洞。本地用户可以借助带有含.ShellClassInfo说明符的Desktop.ini文件的系统文件夹来执行任意代码，该说明符带有一个与可执行文件有关的CLSID值。

Microsoft has released advisory MS06-015, along with fixes to address this issue. Please see the referenced advisory for further information.
Microsoft Windows Server 2003 Datacenter Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

Microsoft Windows Server 2003 Datacenter x64 Edition

• Microsoft Security Update for Windows Server 2003 x64 Edition (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=238AB809-5A7E
  -4678-B01B-38FD82E9C701&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

Microsoft Windows XP Media Center Edition SP2

• Microsoft Security Update for Windows XP (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=392C2F1B-AA24
  -48E5-8D5B-EA56341DB936&displaylang=en

Microsoft Windows Server 2003 Datacenter Edition

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

• Microsoft Security Update for Windows 2000 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=AE28BC65-3A5E
  -4497-AD05-2CDE8E7B5E95&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium SP1

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=E3C7E736-1583
  -4BD5-B661-A9AADDFA5B86&displaylang=en

Microsoft Windows XP Tablet PC Edition SP1

• Microsoft Security Update for Windows XP (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=392C2F1B-AA24
  -48E5-8D5B-EA56341DB936&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

Microsoft Windows XP Home SP2

• Microsoft Security Update for Windows XP (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=392C2F1B-AA24
  -48E5-8D5B-EA56341DB936&displaylang=en

Microsoft Windows 2000 Datacenter Server SP4

• Microsoft Security Update for Windows 2000 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=AE28BC65-3A5E
  -4497-AD05-2CDE8E7B5E95&displaylang=en

Microsoft Windows XP Tablet PC Edition SP2

• Microsoft Security Update for Windows XP (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=392C2F1B-AA24
  -48E5-8D5B-EA56341DB936&displaylang=en

Microsoft Windows XP Media Center Edition SP1

• Microsoft Security Update for Windows XP (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=392C2F1B-AA24
  -48E5-8D5B-EA56341DB936&displaylang=en

Microsoft Windows Server 2003 Web Edition

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

Microsoft Windows XP Home SP1

• Microsoft Security Update for Windows XP (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=392C2F1B-AA24
  -48E5-8D5B-EA56341DB936&displaylang=en

Microsoft Windows XP Professional x64 Edition

• Microsoft Security Update for Windows XP x64 Edition (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=11A5195E-3F32
  -41F9-AB39-68A099EE945D&displaylang=en

Microsoft Windows Server 2003 Web Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

• Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=E3C7E736-1583
  -4BD5-B661-A9AADDFA5B86&displaylang=en

Microsoft Windows Server 2003 Standard Edition SP1

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

Microsoft Windows Server 2003 Standard Edition

• Microsoft Security Update for Windows Server 2003 (KB908531)
  
  http://www.microsoft.com/downloads/details.aspx?familyid=099EE535-8B31
  -4356-B3FB-EF524C20A424&displaylang=en

来源: XF
名称: winxp-explorer-code-execution(16171)
链接:http://xforce.iss.net/xforce/xfdb/16171

来源: BID
名称: 10363
链接:http://www.securityfocus.com/bid/10363

来源: OSVDB
名称: 6221
链接:http://www.osvdb.org/6221

来源: www.freewebs.com
链接:http://www.freewebs.com/roozbeh_afrasiabi/xploit/execute.htm

来源: SECUNIA
名称: 11633
链接:http://secunia.com/advisories/11633

来源: BUGTRAQ
名称: 20040517 Desktop.ini flaw results in executing folders
链接:http://archives.neohapsis.com/archives/bugtraq/2004-05/0168.html

来源: MS
名称: MS06-015
链接:http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx