漏洞信息详情
Microsoft IE CAttrArray对象远程代码执行漏洞
- CNNVD编号:CNNVD-200912-116
- 危害等级: 超危
- CVE编号: CVE-2009-3674
- 漏洞类型: 资源管理错误
- 发布时间: 2009-12-09
- 威胁类型: 远程
- 更新时间: 2019-02-27
- 厂 商: microsoft
- 漏洞来源: ZDIhttp://www.zero...
漏洞简介
Internet Explorer是Windows操作系统中默认捆绑的WEB浏览器。
IE在解除CAttrArray对象的循环引用时存在内存破坏漏洞。如果关闭网页之前释放了CAttrArray对象,IE在解除分配循环指针期间会访问已释放的内存,这可能导致以当前登录用户的权限执行任意指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=0dd50357-64f2 -4286-86ba-c512e65eed2a
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=e62aba15-5eeb -46a2-a142-bfca94016c55
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=6c003629-77bf -4735-bd4a-c37c4386f869
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=0c9af3b5-d015 -4025-bbb4-1a5113e9113f
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=5af3be0b-2dd2 -4039-90e1-2278e9c5aee5
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=9d9a04c8-a019 -4943-8e93-c6bfd77c8960
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=43660133-43e1 -41f3-8a82-98c4a739914f
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
http://www.microsoft.com/downloads/details.aspx?familyid=2c1b96f2-b3c3 -4711-a9ad-b2133ea7bf81
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=bcb38127-787f -49b0-b3fb-62f6a8628d89
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=22972970-740f -4c50-93ec-f6d49dd1b360
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=47d5ada1-1d60 -4233-bdd3-64918b5e1245
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB976325)
http://www.microsoft.com/downloads/details.aspx?familyid=1e466b48-422f -4c80-8fdf-ba61111942b1
参考网址
来源:SECTRACK
链接:http://www.securitytracker.com/id?1023293
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA09-342A.HTML
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6570
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
受影响实体
- Microsoft Ie:8
- Microsoft Ie:6
- Microsoft Ie:7
- Microsoft Ie:6:Sp1
- Microsoft Ie:5.0.1:Sp4
补丁
暂无
评论