漏洞信息详情

MS IE HTML Help捷径漏洞

• CNNVD编号：CNNVD-200003-002
• 危害等级： 中危
  
• CVE编号： CVE-2000-0201
• 漏洞类型： 其他
• 发布时间： 2000-03-01
• 威胁类型： 远程
• 更新时间： 2005-05-02
• 厂        商： microsoft
• 漏洞来源： .');">Posted to Bugtraq ...

漏洞简介

Internet Explorer 5.x版本的window.showHelp()方法无法限制从本地主机执行HTML help文件(.chm)。远程攻击者借助Microsoft Networking可以执行任意命令。

漏洞公告

Microsoft has released the following patches to address this vulnerability. According to CERT/CC, the patch does not fully address all circumstances in which the vulnerability can be exploited. Please see http://www.cert.org/advisories/CA-2000-12.HTML for more details. The physical path disclosure detailed in the update under 'Discussion' is not addressed by this issue. Microsoft Internet Explorer 4.0 for Windows NT 4.0

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 4.0

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 4.0 for Windows 95

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 4.0.1 for Windows NT 4.0

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 4.0.1

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 5.0 for Windows 95

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 5.0 for Windows 98

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 5.0 for Windows NT 4.0

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 5.0.1 for Windows 95

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 5.0.1 for Windows 98

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

Microsoft Internet Explorer 5.0.1 for Windows 2000

• Microsoft Q259166_W2K_SP1_x86_en.EXEW2K_SP1_x86_en http://download.microsoft.com/download/ie501/Patch/1.0/NT5/EN-US/Q2591 66_W2K_SP1_x86_en.EXE

Microsoft Internet Explorer 5.0.1 for Windows NT 4.0

• Microsoft hhupd http://download.microsoft.com/download/ie5/Patch/1.0/W9XNT4/EN-US/hhup d.exe

参考网址

来源: BID 名称: 1033 链接:http://www.securityfocus.com/bid/1033

受影响实体

• Microsoft Ie:5.0  
• Microsoft Ie:5.01  

补丁

暂无