漏洞信息详情
MS IE HTML Help捷径漏洞
- CNNVD编号:CNNVD-200003-002
- 危害等级: 中危
- CVE编号: CVE-2000-0201
- 漏洞类型: 其他
- 发布时间: 2000-03-01
- 威胁类型: 远程
- 更新时间: 2005-05-02
- 厂 商: microsoft
- 漏洞来源: .');">Posted to Bugtraq ...
漏洞简介
Internet Explorer 5.x版本的window.showHelp()方法无法限制从本地主机执行HTML help文件(.chm)。远程攻击者借助Microsoft Networking可以执行任意命令。
漏洞公告
Microsoft has released the following patches to address this vulnerability. According to CERT/CC, the patch does not fully address all circumstances in which the vulnerability can be exploited. Please see http://www.cert.org/advisories/CA-2000-12.HTML for more details. The physical path disclosure detailed in the update under 'Discussion' is not addressed by this issue. Microsoft Internet Explorer 4.0 for Windows NT 4.0
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
- Microsoft Q259166_W2K_SP1_x86_en.EXEW2K_SP1_x86_en http://download.microsoft.com/download/ie501/Patch/1.0/NT5/EN-US/Q2591 66_W2K_SP1_x86_en.EXE
- Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe
参考网址
来源: BID 名称: 1033 链接:http://www.securityfocus.com/bid/1033
受影响实体
- Microsoft Ie:5.0
- Microsoft Ie:5.01
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
评论