漏洞信息详情
Intuit QuickBooks Online Edition ActiveX控件畸形用户请求栈缓冲区溢出漏洞
- CNNVD编号:CNNVD-200709-037
- 危害等级: 超危
- CVE编号: CVE-2007-0322
- 漏洞类型: 缓冲区溢出
- 发布时间: 2007-09-05
- 威胁类型: 远程
- 更新时间: 2007-09-11
- 厂 商: intuit
- 漏洞来源: Will Dormann
漏洞简介
QuickBooks Online Edition是一款在线财务软件。
QuickBooks Online Edition的ActiveX控件处理在处理畸形用户请求时存在漏洞,远程攻击者可能利用此漏洞控制用户系统。
漏洞公告
临时解决方法:
在IE中为以下CLSID设置kill bit:
{CF9DEB90-8DE3-11D5-BAE4-00105AAAFF94}
{4F720B9C-24B1-4948-A035-8853DC01F19E}
{2EFF8C97-F2A8-4395-9F47-9A06F998BF88}
{2CC3D8DE-18BF-43ff-8CB8-21B442300FD5}
{DBB177CC-6908-4b53-9BEE-F1C697818D65}
{A80D199B-CFDD-4da4-8C47-2310D5B8DD97}
{0D3983A9-4E29-4f33-8313-DA22B29D3F87}
{D92D7607-05D9-4dd8-B68B-D458948FB883}
{8CE3BAE6-AB66-40b6-9019-41E5282FF1E2}
{40F8967E-34A6-474a-837A-CEC1E7DAC54C}
或将以下文本保存为.REG文件并导入:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{CF9DEB90-8DE3-11D5-BAE4-00105AAAFF94}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{4F720B9C-24B1-4948-A035-8853DC01F19E}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{2EFF8C97-F2A8-4395-9F47-9A06F998BF88}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{2CC3D8DE-18BF-43ff-8CB8-21B442300FD5}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{DBB177CC-6908-4b53-9BEE-F1C697818D65}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{A80D199B-CFDD-4da4-8C47-2310D5B8DD97}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{0D3983A9-4E29-4f33-8313-DA22B29D3F87}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{D92D7607-05D9-4dd8-B68B-D458948FB883}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{8CE3BAE6-AB66-40b6-9019-41E5282FF1E2}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{40F8967E-34A6-474a-837A-CEC1E7DAC54C}]
"Compatibility Flags"=dword:00000400
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://oe.quickbooks.com/index.cfm
参考网址
来源: US-CERT
名称: VU#907481
链接:http://www.kb.cert.org/vuls/id/907481
来源: XF
名称: quickbooks-activex-bo(36462)
链接:http://xforce.iss.net/xforce/xfdb/36462
来源: BID
名称: 25544
链接:http://www.securityfocus.com/bid/25544
来源: SECUNIA
名称: 26659
链接:http://secunia.com/advisories/26659
受影响实体
- Intuit Quickbooks:Online
补丁
暂无
评论