Microsoft MSHTML.DLL 缓冲区错误漏洞

admin

0
文章

0
评论

2022-07-22 11:27:30 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Microsoft MSHTML.DLL 缓冲区错误漏洞

CNNVD编号：CNNVD-200407-071
危害等级：超危
CVE编号： CVE-2003-1048
漏洞类型：缓冲区错误
发布时间： 2003-09-02
威胁类型：远程
更新时间： 2021-07-26
厂商： microsoft
漏洞来源： Marc Ruef※ marc.ru...

漏洞简介

Microsoft MSHTML.DLL是美国微软（Microsoft）公司的一个用于解析HTML语言的动态链接库，IE、Outlook、Outlook Express等应用程序都使用了该动态链接库。

Microsoft MSHTML.DLL存在缓冲区错误漏洞。MSHTML.DLL在处理畸形GIF图象时，未能正确处理非法头字段信息，远程攻击者可以利用这个漏洞构建包含恶意GIF图象的HTML页面，诱使用户访问，可导致IE或者OUTLOOK崩溃。目前没有详细漏洞细节提供。

漏洞公告

厂商补丁：

Microsoft

---------

Microsoft已经为此发布了一个安全公告(MS04-025)以及相应补丁:

MS04-025：Cumulative Security Update for Internet Explorer (867801)

链接：

http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx" target="_blank">

http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx

补丁下载：

Internet Explorer 5.01 Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=507E71EF-076B-43C4-8028-E91FCFAB252B&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=507E71EF-076B-43C4-8028-E91FCFAB252B&displaylang=en

Internet Explorer 5.01 Service Pack 3

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AA6F31D-7350-43F8-B72E-ED9D62577A60&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AA6F31D-7350-43F8-B72E-ED9D62577A60&displaylang=en

Internet Explorer 5.01 Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=862E6914-821A-4C51-985B-C3958FAD3D4C&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=862E6914-821A-4C51-985B-C3958FAD3D4C&displaylang=en

Internet Explorer 5.5 Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=E458480C-93F6-454A-A663-FC187C18CD9B&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=E458480C-93F6-454A-A663-FC187C18CD9B&displaylang=en

Internet Explorer 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2F8A40-1B88-4F93-98B1-1619DCFD7273&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2F8A40-1B88-4F93-98B1-1619DCFD7273&displaylang=en

Internet Explorer 6 Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=06F49985-F19F-4B50-A75F-7636D8BEE576&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=06F49985-F19F-4B50-A75F-7636D8BEE576&displaylang=en

Internet Explorer 6 Service Pack 1 (64-Bit Edition)

http://www.microsoft.com/downloads/details.aspx?FamilyId=FCDA580D-9E3B-4B44-BD65-C8D37A0DD62D&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=FCDA580D-9E3B-4B44-BD65-C8D37A0DD62D&displaylang=en

Internet Explorer 6 for Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=D86262D9-C66A-4608-8DBE-2492B4AFBC3B&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=D86262D9-C66A-4608-8DBE-2492B4AFBC3B&displaylang=en

Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)

http://www.microsoft.com/downloads/details.aspx?FamilyId=1AA8F5A9-71D3-48F7-BB32-F8A4D36C5FB9&displaylang=en" target="_blank">

http://www.microsoft.com/downloads/details.aspx?FamilyId=1AA8F5A9-71D3-48F7-BB32-F8A4D36C5FB9&displaylang=en

参考网址

来源:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-1048※http://www.securityfocus.com/bid/8530※http://www.nsfocus.net/vulndb/5370

链接:无

来源:FULLDISC

链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.HTML

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509

来源:FULLDISC

链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.HTML

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206

来源:CIAC

链接:http://www.ciac.org/ciac/bulletins/o-191.sHTML

来源:BID

链接:https://www.securityfocus.com/bid/8530

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236

来源:CERT

链接:http://www.us-cert.gov/cas/techalerts/TA04-212A.HTML

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/16804

来源:FULLDISC

链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.HTML

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212

来源:MS

链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025

来源:CERT-VN

链接:http://www.kb.cert.org/vuls/id/685364

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100

受影响实体

Microsoft Outlook:2002:Sp1
Microsoft Outlook:2002:Sp2
Microsoft Ie:5.0.1:Sp1
Microsoft Ie:5.0.1:Sp2
Microsoft Ie:5.0.1:Sp3

补丁

暂无

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

ZONE.CI 全球网

Plugins

WordPress

Web前端

设计资源

Microsoft MSHTML.DLL 缓冲区错误漏洞

漏洞信息详情

Microsoft MSHTML.DLL 缓冲区错误漏洞

漏洞简介

漏洞公告

参考网址

受影响实体

补丁

ISS RealSecure Server Sensor SSL远程拒绝服务攻击漏洞

Microsoft MSHTML.DLL 缓冲区错误漏洞

Stunnel泄露文件描述符漏洞

Pine rfc2231_get_param()远程整数溢出漏洞

Leafnode fetchnews远程拒绝服务攻击漏洞

KDbg任意命令执行漏洞

Microsoft Internet Explorer 安全漏洞

Microsoft Internet Explorer XML页对象类型确认漏洞

Mozilla Browser Script.prototype.freeze/thaw任意代码执行漏洞

Mozilla Browser Cookie路径限制绕过漏洞

ZONE.CI 全球网