CVE-1999-0702
CVSS10.0
发布时间 :1999-09-10 00:00:00
修订时间 :2008-09-09 00:00:00
NMCOES    

[原文]Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.


[CNNVD]Microsoft IE导入/导出收藏夹漏洞(CNNVD-199909-018)

        Internet Explorer 5.0以及5.01版本存在漏洞。远程攻击者可以借助导入/导出收藏夹功能修改或执行文件,也称为“ImportExportFavorites”漏洞。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-94 [对生成代码的控制不恰当(代码注入)]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:ie:5.0Microsoft Internet Explorer 5.0
cpe:/a:microsoft:ie:4.0.1Microsoft Internet Explorer 4.0.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0702
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0702
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199909-018
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/627
(UNKNOWN)  BID  627
http://www.microsoft.com/technet/security/bulletin/ms99-037.mspx
(UNKNOWN)  MS  MS99-037
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q241361
(UNKNOWN)  MSKB  Q241361

- 漏洞信息

Microsoft IE导入/导出收藏夹漏洞
危急 未知
1999-09-10 00:00:00 2005-10-12 00:00:00
远程※本地  
        Internet Explorer 5.0以及5.01版本存在漏洞。远程攻击者可以借助导入/导出收藏夹功能修改或执行文件,也称为“ImportExportFavorites”漏洞。

- 公告与补丁

        Microsoft has released patches for this vulnerability. From the Microsoft Advisory (MS99-037):
        - Internet Explorer 4.01 for Intel:
         ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE401/ImportExportFavorites-fix/x86/q241361.exe
        - Internet Explorer 4.01 for Alpha:
         ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE401/ImportExportFavorites-fix/Alpha/q241361.exe
        - Internet Explorer 5 for Intel:
         ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE50/ImportExportFavorites-fix/x86/q241361.exe
        - Internet Explorer 5 for Alpha:
         ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE50/ImportExportFavorites-fix/Alpha/q241361.exe

- 漏洞信息 (19490)

MS IE 4.0.1/5.0 Import/Export Favorites Vulnerability (EDBID:19490)
windows remote
1999-09-10 Verified
0 Georgi Guninski
N/A [点击下载]
Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Import/Export Favorites Vulnerability

source: http://www.securityfocus.com/bid/627/info

The ImportExportFavorites() method, used to import and export favorites to/from a file in IE5, can be made to write to any file on the system, in some cases from an email or remote webpage.

This will create a file in the root of C: containing the user's favorites.
<SCRIPT>
window.external.ImportExportFavorites(0,"c:\\fav.hta");
</SCRIPT>		

- 漏洞信息

1069
Microsoft IE Import/Export Favorites
Context Dependent Input Manipulation
Loss of Integrity Patch / RCS
Exploit Public Vendor Verified

- 漏洞描述

- 时间线

1999-09-09 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft IE Import/Export Favorites Vulnerability
Unknown 627
Yes Yes
1999-09-10 12:00:00 2013-04-19 02:40:00
Posted to Bugtraq Sep 10, 1999 by Georgi Guninski <joro@nat.bg>. Further credit is given to Shane Hird of Australia and Richard Smith of Phar Lap Software

- 受影响的程序版本

Microsoft Internet Explorer 4.0.1 for Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft Internet Explorer 4.0.1 for Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
Microsoft Internet Explorer 4.0.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0 for Windows NT 4
+ Microsoft Windows NT 4.0
+ Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0 for Windows 98
+ Microsoft Windows 98
+ Microsoft Windows 98
Microsoft Internet Explorer 5.0 for Windows 95
+ Microsoft Windows 95
+ Microsoft Windows 95
Microsoft Internet Explorer 5.0 for Windows 2000
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional

- 漏洞讨论

The ImportExportFavorites() method, used to import and export favorites to/from a file in IE5, can be made to write to any file on the system, in some cases from an email or remote webpage.

- 漏洞利用

This will create a file in the root of C: containing the user's favorites.
&lt;SCRIPT&gt;
window.external.ImportExportFavorites(0,"c:\\fav.hta");
&lt;/SCRIPT&gt;

Full demonstrations are available at:
http://www.nat.bg/~joro/imp.html

- 解决方案

Microsoft has released patches for this vulnerability. From the Microsoft Advisory (MS99-037):

- Internet Explorer 4.01 for Intel:
ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE401/ImportExportFavorites-fix/x86/q241361.exe

- Internet Explorer 4.01 for Alpha:
ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE401/ImportExportFavorites-fix/Alpha/q241361.exe

- Internet Explorer 5 for Intel:
ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE50/ImportExportFavorites-fix/x86/q241361.exe

- Internet Explorer 5 for Alpha:
ftp://ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE50/ImportExportFavorites-fix/Alpha/q241361.exe

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站