漏洞信息详情
Microsoft Windows SMB客户端远程代码执行漏洞
- CNNVD编号:CNNVD-201004-267
- 危害等级: 超危
- CVE编号: CVE-2010-0270
- 漏洞类型: 输入验证
- 发布时间: 2010-04-14
- 威胁类型: 远程
- 更新时间: 2010-04-14
- 厂 商: microsoft
- 漏洞来源: Laurent Gaffi of s...
漏洞简介
Microsoft Windows是微软发布的非常流行的WEB浏览器。
Microsoft Windows SMB客户端存在远程代码执行漏洞。Microsoft Windows Server 2008 R2和Windows 7 的SMB客户端在SMB交易响应中无法正确验证字段,远程SMB服务器和中间人攻击者可以通过制作的(1)SMBv1或(2)SMBv2响应,执行任意代码,即\'\'SMB客户端交易漏洞\'\'。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
Microsoft Windows 7 for 32-bit Systems 0
Microsoft Security Update for Windows 7 (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=389184C5-9001-497D-BDF4-81F97ECB617F
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=541E9E2F-EC1D-42B2-AAE5-481C0D435169
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Security Update for Windows Server 2008 R2 x64 Edition (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=CD1A046E-915D-4904-B753-5A24BE10C504
Microsoft Windows 7 for x64-based Systems 0
Microsoft Security Update for Windows 7 for x64-based Systems (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=F3495DAE-71F3-421D-A191-D26965F26AD1
参考网址
来源: US-CERT
名称: TA10-103A
链接:http://www.us-cert.gov/cas/techalerts/TA10-103A.HTML
来源: MS
名称: MS10-020
链接:http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
受影响实体
- Microsoft Windows_server_2008:R2:X64
- Microsoft Windows_server_2008:R2:Itanium
- Microsoft Windows_7:-:-:X32
- Microsoft Windows_7
- Microsoft Windows_7:-:-:X64
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论