漏洞信息详情
Microsoft Internet Explorer和Windows URL验证漏洞
- CNNVD编号:CNNVD-201001-245
- 危害等级: 超危
- CVE编号: CVE-2010-0027
- 漏洞类型: 代码注入
- 发布时间: 2010-01-22
- 威胁类型: 远程
- 更新时间: 2019-02-27
- 厂 商: microsoft
- 漏洞来源: Lostmon Lords
漏洞简介
Microsoft Internet Explorer是美国微软(Microsoft)公司发布的Windows操作系统中默认捆绑的Web浏览器。Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。
Microsoft Internet Explorer 5.01、6、6 SP1、7及8版本中的URL验证功能,以及Windows 2000 SP4,XP SP2和SP3,Server 2003 SP2版本中的ShellExecute API函数不能正确处理输入参数。远程攻击者可借助特制URL执行任意本地程序。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=7d480c87-2ca9 -4505-a59d-a6d73d001fa5
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=3e2e740b-8417 -4758-8468-15221249ec71
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=7c2948fb-f486 -4801-bc21-bbf40d5a78c2
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=41b83fad-948b -4a9c-80ed-9c5a60bd35b4
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=278443c1-15dc -436b-893b-ffea6d29d16d
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=a584cd0f-2e05 -4e36-8858-0ffead637162
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=f5ce8582-af63 -4870-bee3-0abeeefa1458
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
http://www.microsoft.com/downloads/details.aspx?familyid=9d137bab-8312 -4240-af74-c65ba652fde0
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=d3386793-a594 -4bc5-8308-28b561d43087
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=be11981c-d286 -4e3c-94bf-d4e67a975d5a
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=5e2cbd7d-f64f -49e5-a159-1965ebfe2a92
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=b7a7e8e7-f4c5 -459d-ab6c-05a192e1e3f9
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Security Update for Windows XP (KB975713)
http://www.microsoft.com/downloads/details.aspx?familyid=b8e7bf17-a037 -4200-9ae2-2280b19766a4
Microsoft Windows XP Media Center Edition SP3
Microsoft Security Update for Windows XP (KB975713)
http://www.microsoft.com/downloads/details.aspx?familyid=b8e7bf17-a037 -4200-9ae2-2280b19766a4
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Security Update for Windows Server 2003 (KB975713)
http://www.microsoft.com/downloads/details.aspx?familyid=5cb2e203-18fb -4887-a1c9-289d86b8ba11
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Security Update for Windows XP x64 Edition (KB975713)
http://www.microsoft.com/downloads/details.aspx?familyid=b8d83f30-9cd7 -4d6b-b2b9-65d0a483cb9c
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=14726445-3ff4 -463c-9fc1-c9b758079aca
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=5622f223-df9c -4a6a-bdf0-feebaf9920fd
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=c8742230-16d8 -4b2f-bd3e-8834c759856b
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=3510c7d8-7e8f -479e-b6f9-5745a845664d
Microsoft Cumulative Security Update for Internet Explo
参考网址
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/55773
来源:MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-10-016/
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-007
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/509470/100/0/threaded
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8464
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA10-040A.HTML
受影响实体
- Microsoft Windows_2003_server:Sp2:Itanium
- Microsoft Windows_xp:-:Sp2:X64
- Microsoft Windows_2003_server:Sp2
- Microsoft Windows_server_2003:Sp2:X64
- Microsoft Windows_xp:Sp3
补丁
- Security Update for Windows Server 2003 (KB975713)
- Security Update for Windows XP x64 Edition (KB975713)
- Security Update for Windows XP (KB975713)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB975713)
- Security Update for Windows 2000 (KB975713)
评论