漏洞信息详情
Microsoft Internet Explorer和Windows 代码注入漏洞
- CNNVD编号:CNNVD-200907-414
- 危害等级: 超危
- CVE编号: CVE-2009-1919
- 漏洞类型: 代码注入
- 发布时间: 2009-07-29
- 威胁类型: 远程
- 更新时间: 2021-07-27
- 厂 商: microsoft
- 漏洞来源: Peter Vreugdenhil
漏洞简介
Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器 。
Internet Explorer处理内存对象、访问已删除对象、在特定条件下处理表格操作的方式中存在多个内存破坏漏洞。攻击者可以通过构建特制(修改嵌入式样式表未指定规定属性,使行为元素被异常处理)的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。如果用户使用管理用户权限登录,成功利用此漏洞的攻击者便可完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户 。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Internet Explorer 6.0 SP1
Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB972260)
http://www.microsoft.com/downloads/details.aspx?FamilyID=93bd1baa-e2fb -4e8c-9dd7-738efef32282
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=f4112c25-9e6f -473a-bdbc-3df6dd66e6af
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=adb6bad2-9931 -4ede-856e-bb43bb0f6071
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=a594ee0d-ec8f -47df-9125-89d0bbf2115d
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB972260)
http://www.microsoft.com/downloads/details.aspx?FamilyID=c874c8f8-0449 -42b1-8d8b-901040069568
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=113cc76a-c434 -42ff-b594-4834989ad5ba
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=92e3af41-71b0 -4a28-afc7-123733180ead
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=470387ac-6d75 -4b7e-8ca5-376b67a8bd4d
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=1958ec40-3b7b -43a9-9fdc-742735dcf516
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=d3be9a13-1a5b -4b74-9649-449df923f573
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=2b23cd74-6cf1 -413b-82a7-b602347e3ce6
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=f4ae65a7-142f -4953-a542-315dac2ac606
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=3bc0e17b-898b -4f29-aa29-607527e1c1cd
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=0acc8aaa-0ae1 -412a-9f2b-dc7c707cae00
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=29c8d9e6-2cb8 -42b6-b0a6-2510fdb49eab
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 2008 R2 Release Candidate for Itanium-
http://www.microsoft.com/downloads/details.aspx?familyid=d223766f-2728 -451d-98dd-c250ca52a76f
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=30f99bda-9107 -4969-90af-2a30e12acdae
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=acd3667b-6676 -4010-b23b-e8372dd55f93
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=b05a19f7-7412 -4c2b-ad11-34396e54ca43
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB972260)
http://www.microsoft.com/downloads/details.aspx?familyid=900e9a05-2f71 -42de-b603-47e4ac061bcb
Microsoft Internet Explorer 6.0
Microsoft C
参考网址
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2009/2033
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-09-048
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5660
来源:SECTRACK
链接:http://www.securitytracker.com/id?1022611
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/505524/100/0/threaded
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA09-195A.HTML
受影响实体
- Microsoft Ie:6
- Microsoft Ie:7
- Microsoft Ie:6:Sp1
- Microsoft Ie:5.01:Sp4
- Microsoft Ie:8
补丁
暂无
评论