漏洞信息详情
Microsoft DirectShow IPersistStreamInit 组件栈溢出漏洞
- CNNVD编号:CNNVD-200907-082
- 危害等级: 超危
- CVE编号: CVE-2008-0020
- 漏洞类型: 代码注入
- 发布时间: 2009-07-07
- 威胁类型: 远程
- 更新时间: 2009-09-08
- 厂 商: microsoft
- 漏洞来源: Robert Freeman
漏洞简介
Microsoft Windows是微软发布的非常流行的操作系统,DirectShow用于在Windows操作系统中处理流媒体 。
DirectShow(msvidctl.dll)的IPersistStreamInit组件中存在栈溢出漏洞。此漏洞可以通过IE浏览器远程利用,如果用户受骗访问了恶意网页并打开读取MPEG-2文件的话,就可能触发这个溢出,导致执行任意指令。目前这个漏洞正在被广泛的用于挂马攻击。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Cumulative Security Update for ActiveX Killbits for Windows Server 2008 (KB973346)
http://www.microsoft.com/downloads/details.aspx?FamilyID=0194f994-5821 -4fb9-b9e1-ed6af248c995&displaylang=en
Microsoft Windows Vista Home Premium SP2
Microsoft Cumulative Security Update for ActiveX Killbits for Windows Vista (KB973346)
http://www.microsoft.com/downloads/details.aspx?FamilyID=6c90240e-c201 -4dad-9835-ea71e3527b45&displaylang=en
Microsoft Security Update for Windows Vista (KB973768)
http://www.microsoft.com/downloads/details.aspx?familyid=59fefa17-0ad4 -4a62-82be-e6a2b7a0aec3&displaylang=en
Microsoft Windows ATL Component 0
Microsoft Security Update for Windows 2000 (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=c773149a-f4fc -486a-b718-6b8ff7a36ae2
Microsoft Security Update for Windows Server 2003 (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=7d9369b5-0c54 -4c17-bc62-fba0a7b4728c
Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=ad1791b3-8553 -4433-a9f7-8b4f857665be
Microsoft Security Update for Windows Server 2003 x64 Edition (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=90e0e014-ed7e -498a-9f61-18bb09a384b3
Microsoft Security Update for Windows Server 2008 (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=ba423491-6c29 -49f2-811b-ac3f9bbc58fc
Microsoft Security Update for Windows Server 2008 for Itanium-based Systems (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=e5612bb4-5f37 -4b38-bd2e-f198c413371c
Microsoft Security Update for Windows Server 2008 x64 Edition (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=b9311953-889a -415f-a396-250a005e95cd
Microsoft Security Update for Windows Vista (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=80de158d-157e -4c21-9154-c1dbd6e57cb3
Microsoft Security Update for Windows Vista for x64-based Systems (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=82940d30-6a30 -47ca-b184-2ac96e35c294
Microsoft Security Update for Windows XP (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=4b4c6fc5-e8e6 -4d89-a181-e231240468f9
Microsoft Security Update for Windows XP x64 Edition (KB973507)
http://www.microsoft.com/downloads/details.aspx?familyid=2f2b93fc-f977 -4f23-af90-c27f744fad0a
Microsoft Windows Vista Home Basic SP1
Microsoft Cumulative Security Update for ActiveX Killbits for Windows Vista (KB973346)
http://www.microsoft.com/downloads/details.aspx?FamilyID=6c90240e-c201 -4dad-9835-ea71e3527b45&displaylang=en
Microsoft Security Update for Windows Vista (KB973768)
http://www.microsoft.com/downloads/details.aspx?familyid=59fefa17-0ad4 -4a62-82be-e6a2b7a0aec3&displaylang=en
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346)
http://www.microsoft.com/downloads/details.aspx?FamilyID=89d941f0-3f71 -46e3- http://www.microsoft.com/downloads/details.aspx?FamilyID=24701af 8-b87e-4e85-9463-f50755a1b6ad&displaylang=en-716561396b72&displaylang= en
Microsoft Windows XP Media Center Edition SP3
Microsoft Cumulative Security Update for ActiveX Killbits for Windows XP (KB973346)
http://www.microsoft.com/downloads/details.aspx?FamilyID=89d941f0-3f71 -46e3- http://www.microsoft.com/downloads/details.aspx?FamilyID=24701af 8-b87e-4e85-9463-f50755a1b6ad&displaylang=en-716561396b72&displaylang= en
Microsoft Security Update for Windows XP (KB973768)
http://www.microsoft.com/downloads/details.aspx?familyid=46aa443c-4e7b -4bd5-8b4e-0068c3dc0e79&displaylang=en
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Security Update for ActiveX Killbits for Windows Server 2003 (KB973346)
http://www.microsoft.com/downloads/details.aspx?FamilyID=b0a458d6-c34c -41c7-964a-c130cfcb0d01&displaylang=en
Microsoft Windows Vista Enterprise
Microsoft
参考网址
来源: US-CERT
名称: TA09-223A
链接:http://www.us-cert.gov/cas/techalerts/TA09-223A.HTML
来源: VUPEN
名称: ADV-2009-2232
链接:http://www.vupen.com/english/advisories/2009/2232
来源: MS
名称: MS09-037
链接:http://www.microsoft.com/technet/security/Bulletin/MS09-037.mspx
来源: SECTRACK
名称: 1022712
链接:http://www.securitytracker.com/id?1022712
来源: ISS
名称: 20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities
链接:http://www.iss.net/threats/329.HTML
来源: SECUNIA
名称: 36187
链接:http://secunia.com/advisories/36187
来源: MISC
链接:http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
受影响实体
- Microsoft Windows_2003_server:-:Sp2:Itanium
- Microsoft Windows_2003_server:-:Sp2:X64
- Microsoft Windows_2003_server:-:Sp2
- Microsoft Windows_xp:Sp2:Professional_x64
- Microsoft Windows_xp:-:Sp3
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论