漏洞信息详情
Microsoft MSHTML.DLL 缓冲区错误漏洞
- CNNVD编号:CNNVD-200407-071
- 危害等级: 超危
- CVE编号: CVE-2003-1048
- 漏洞类型: 缓冲区错误
- 发布时间: 2003-09-02
- 威胁类型: 远程
- 更新时间: 2021-07-26
- 厂 商: microsoft
- 漏洞来源: Marc Ruef※ marc.ru...
漏洞简介
Microsoft MSHTML.DLL是美国微软(Microsoft)公司的一个用于解析HTML语言的动态链接库,IE、Outlook、Outlook Express等应用程序都使用了该动态链接库。
Microsoft MSHTML.DLL存在缓冲区错误漏洞。MSHTML.DLL在处理畸形GIF图象时,未能正确处理非法头字段信息,远程攻击者可以利用这个漏洞构建包含恶意GIF图象的HTML页面,诱使用户访问,可导致IE或者OUTLOOK崩溃。目前没有详细漏洞细节提供。
漏洞公告
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS04-025)以及相应补丁:
MS04-025:Cumulative Security Update for Internet Explorer (867801)
链接:
http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx" target="_blank">
http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx
补丁下载:
Internet Explorer 5.01 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=507E71EF-076B-43C4-8028-E91FCFAB252B&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=507E71EF-076B-43C4-8028-E91FCFAB252B&displaylang=en
Internet Explorer 5.01 Service Pack 3
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AA6F31D-7350-43F8-B72E-ED9D62577A60&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AA6F31D-7350-43F8-B72E-ED9D62577A60&displaylang=en
Internet Explorer 5.01 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=862E6914-821A-4C51-985B-C3958FAD3D4C&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=862E6914-821A-4C51-985B-C3958FAD3D4C&displaylang=en
Internet Explorer 5.5 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=E458480C-93F6-454A-A663-FC187C18CD9B&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=E458480C-93F6-454A-A663-FC187C18CD9B&displaylang=en
Internet Explorer 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2F8A40-1B88-4F93-98B1-1619DCFD7273&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C2F8A40-1B88-4F93-98B1-1619DCFD7273&displaylang=en
Internet Explorer 6 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=06F49985-F19F-4B50-A75F-7636D8BEE576&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=06F49985-F19F-4B50-A75F-7636D8BEE576&displaylang=en
Internet Explorer 6 Service Pack 1 (64-Bit Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCDA580D-9E3B-4B44-BD65-C8D37A0DD62D&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCDA580D-9E3B-4B44-BD65-C8D37A0DD62D&displaylang=en
Internet Explorer 6 for Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=D86262D9-C66A-4608-8DBE-2492B4AFBC3B&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=D86262D9-C66A-4608-8DBE-2492B4AFBC3B&displaylang=en
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1AA8F5A9-71D3-48F7-BB32-F8A4D36C5FB9&displaylang=en" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=1AA8F5A9-71D3-48F7-BB32-F8A4D36C5FB9&displaylang=en
参考网址
来源:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-1048※http://www.securityfocus.com/bid/8530※http://www.nsfocus.net/vulndb/5370
链接:无
来源:FULLDISC
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.HTML
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509
来源:FULLDISC
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.HTML
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206
来源:CIAC
链接:http://www.ciac.org/ciac/bulletins/o-191.sHTML
来源:BID
链接:https://www.securityfocus.com/bid/8530
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA04-212A.HTML
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/16804
来源:FULLDISC
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.HTML
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025
来源:CERT-VN
链接:http://www.kb.cert.org/vuls/id/685364
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100
受影响实体
- Microsoft Outlook:2002:Sp1
- Microsoft Outlook:2002:Sp2
- Microsoft Ie:5.0.1:Sp1
- Microsoft Ie:5.0.1:Sp2
- Microsoft Ie:5.0.1:Sp3
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论