漏洞信息详情

Microsoft Windows autorun.inf漏洞

• CNNVD编号：CNNVD-200002-055
• 危害等级： 高危
  
• CVE编号： CVE-2000-0155
• 漏洞类型： 代码注入
• 发布时间： 2000-02-18
• 威胁类型： 本地
• 更新时间： 2005-10-20
• 厂        商： microsoft
• 漏洞来源： .');">Posted to Bugtraq ...

漏洞简介

Windows NT Autorun在不可移动媒体上执行autorun.inf文件。本地用户利用此漏洞可以在其他用户访问驱动器时指定一个备份程序执行。

漏洞公告

There are two registry settings that control which drives can be recognized by the Autorun feature, both located in: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoDriveTypeAutoRun This value specifies drive types that will be checked for Autorun.inf files. Each bit of the first byte of the value corresponds to a drive type, and a value of 1 disables Autorun for that drive type. Starting with bit 0, the types are: Unknown, No_Root_Dir, Removable, Fixed, Remote, CDROM, Ramdisk. The last bit is reserved for future drive types. For example, a setting of 0xDF (11011111) will enable Autorun on CDROMs only. NoDriveAutoRun This value specifies which drives, by drive letter, will have Autorun enabled or disabled. The first bit is drive A:, second is B: and so on. Once again, 0 enables and 1 disables. For example, a setting of 0xFFFFFFF7 (11111111111111111111111111110111) will enable Autorun for drive D: only.

参考网址

来源: BID 名称: 993 链接:http://www.securityfocus.com/bid/993 来源: BUGTRAQ 名称: 20000218 AUTORUN.INF Vulnerability 链接:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000701bf79cd$fdb5a620$4c4342a6@mightye.org

受影响实体

• Microsoft Windows_95  
• Microsoft Windows_98:Gold  
• Microsoft Windows_nt:4.0  

补丁

暂无