漏洞信息详情
Microsoft Internet Explorer非法事件操作内存破坏漏洞
- CNNVD编号:CNNVD-201001-153
- 危害等级: 超危
- CVE编号: CVE-2010-0249
- 漏洞类型: 资源管理错误
- 发布时间: 2010-01-15
- 威胁类型: 远程
- 更新时间: 2011-07-13
- 厂 商: microsoft
- 漏洞来源: Microsoft
漏洞简介
Microsoft Internet Explorer是美国微软(Microsoft)公司发布的Windows操作系统中默认捆绑的Web浏览器。
Microsoft Internet Explorer在处理非法的事件操作时存在内存破坏漏洞。由于在创建对象以后没有增加相应的访问记数,恶意的对象操作流程可能导致指针指向被释放后重使用的内存,远程攻击者可通过诱使用户访问恶意网页非法操作内存在用户系统上执行指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Internet Explorer 7.0
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=14726445-3ff4 -463c-9fc1-c9b758079aca
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K
http://www.microsoft.com/downloads/details.aspx?FamilyID=5622f223-df9c -4a6a-bdf0-feebaf9920fd
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=c8742230-16d8 -4b2f-bd3e-8834c759856b
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=3510c7d8-7e8f -479e-b6f9-5745a845664d
Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=cc5aea0b-e553 -4f7f-a2cc-cba41bb87ae7
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=8c4c91ec-1b2b -4176-bd77-45245b590329
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyID=9395547f-b620 -4cbd-9ff5-11b76cd73859
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=4f9975b8-3f91 -4116-9200-ef55ece75854
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=92495551-dedd -43d4-bb3a-51028bc5c6d6
Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?FamilyID=3cb139b3-59f4 -44ef-9911-4dd4e3b83e7d
Microsoft Internet Explorer 8
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=7d480c87-2ca9 -4505-a59d-a6d73d001fa5
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=3e2e740b-8417 -4758-8468-15221249ec71
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=7c2948fb-f486 -4801-bc21-bbf40d5a78c2
Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=41b83fad-948b -4a9c-80ed-9c5a60bd35b4
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=278443c1-15dc -436b-893b-ffea6d29d16d
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=a584cd0f-2e05 -4e36-8858-0ffead637162
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=f5ce8582-af63 -4870-bee3-0abeeefa1458
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Syste
http://www.microsoft.com/downloads/details.aspx?familyid=9d137bab-8312 -4240-af74-c65ba652fde0
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=d3386793-a594 -4bc5-8308-28b561d43087
Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB978207)
http://www.microsoft.com/downloads/details.aspx?familyid=be11981c-d286 -4e3c-94bf-d4e67a975d5a
Microsoft Cumulative Security Update for Internet Explorer 8
参考网址
来源: US-CERT
名称: VU#492515
链接:http://www.kb.cert.org/vuls/id/492515
来源: XF
名称: ie-freed-object-code-execution(55642)
链接:http://xforce.iss.net/xforce/xfdb/55642
来源: VUPEN
名称: ADV-2010-0135
链接:http://www.vupen.com/english/advisories/2010/0135
来源: BID
名称: 37815
链接:http://www.securityfocus.com/bid/37815
来源: MS
名称: MS10-002
链接:http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx
来源: www.microsoft.com
链接:http://www.microsoft.com/technet/security/advisory/979352.mspx
来源: MISC
链接:http://www.exploit-db.com/exploits/11167
来源: MSKB
名称: 979352
链接:http://support.microsoft.com/kb/979352
来源: SECTRACK
名称: 1023462
链接:http://securitytracker.com/id?1023462
来源: OSVDB
名称: 61697
链接:http://osvdb.org/61697
来源: MISC
链接:http://news.cnet.com/8301-27080_3-10435232-245.HTML
来源: blogs.technet.com
链接:http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx 来源:NSFOCUS 名称:14349 链接:http://www.nsfocus.net/vulndb/14349
受影响实体
- Microsoft Internet_explorer:8
- Microsoft Internet_explorer:6:Sp1
- Microsoft Internet_explorer:7
- Microsoft Internet_explorer:8
- Microsoft Internet_explorer:6
补丁
- Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB978207)
- Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207)
- Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (KB978207)
- Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB978207)
- Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB978207)
评论