漏洞信息详情
Microsoft Internet Explorer 安全漏洞
- CNNVD编号:CNNVD-200305-038
- 危害等级: 低危
- CVE编号: CVE-2003-0114
- 漏洞类型: 其他
- 发布时间: 2003-02-03
- 威胁类型: 远程
- 更新时间: 2021-07-26
- 厂 商: microsoft
- 漏洞来源: Jouko Pynn?nen of ...
漏洞简介
Microsoft Internet Explorer(IE)是美国微软(Microsoft)公司的一款Windows操作系统附带的Web浏览器。
Microsoft Internet Explorer存在安全漏洞。远程攻击者可以利用这个漏洞构建恶意页面,诱使用户访问,可能以IE用户进程权限在系统上执行任意指令。HTTP是用于WEB服务器和WEB浏览器之间的通信协议,当WEB页面浏览时,浏览器发送HTTP请求给服务器,服务器会发送包含WEB页的应答,除了文档部分会显示给用户,HTTP应答包含部分字段如规定文档必须如何表示也会传递给浏览器。由于缺少充分的输入验证,MSIE在接收到部分头字段包含超长字符串的HTTP应答时会发生缓冲区溢出。问题代码存在于URLMON.DLL库中。攻击者构建恶意页面,诱使用户访问,当用户请求后产生的恶意应答可能以IE用户进程权限在系统上执行任意指令。
漏洞公告
厂商补丁:
Microsoft
---------
厂商已经发布了补丁以修补此漏洞:
Microsoft Internet Explorer 5.0.1 SP3:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 5.0.1 SP2:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 5.0.1 SP1:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 5.0.1:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 5.5 SP2:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 5.5 SP1:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 5.5:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 6.0 SP1:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Microsoft Internet Explorer 6.0:
Microsoft Patch Q813489
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp" target="_blank">
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
参考网址
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963
来源:BUGTRAQ
链接:http://marc.info/?l=bugtraq&m=104429340817718&w=2
受影响实体
- Microsoft Ie:6.0
- Microsoft Ie:6.0:Sp1
- Microsoft Ie:5.5:Sp2
- Microsoft Ie:5.0.1
- Microsoft Ie:5.0.1:Sp1
补丁
暂无
评论