CVE-2001-0664
CVSS 7.5
Published: 2001-10-30 00:00:00
Last revised: 2016-10-17 22:11:39

[Original] Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."


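[CNNVD] Microsoft Internet Explorer Zone Spoofing Vulnerability (CNNVD-200110-123)

        Internet Explorer 5.5 and 5.01 contain a vulnerability. A remote attacker can bypass security restrictions by means of malformed URLs containing dotless IP addresses; the flaw causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions. It is also known as the "Zone Spoofing vulnerability".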

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Access vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:microsoft:ie:5.01  Microsoft Internet Explorer 5.01
cpe:/a:microsoft:ie:5.5  Microsoft ie 5.5

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0664
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0664
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200110-123
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=100281551611595&w=2
(UNKNOWN)  BUGTRAQ  20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
http://morph3us.org/blog/?p=31
(UNKNOWN)  MISC  http://morph3us.org/blog/?p=31
http://www.microsoft.com/technet/security/bulletin/MS01-051.asp
(VENDOR_ADVISORY)  MS  MS01-051
http://www.securityfocus.com/bid/3420
(UNKNOWN)  BID  3420
http://xforce.iss.net/static/7258.php
(UNKNOWN)  XF  ie-incorrect-security-zone(7258)

- Vulnerability information

Microsoft Internet Explorer Zone Spoofing Vulnerability
High risk  Input validation
2001-10-30 00:00:00 2005-10-12 00:00:00
Remote

- Advisories and patches

        Microsoft has released the following patches which rectify this issue. It should be noted that users with IE 5.5 and 5.01 require SP2 before installing the patch.
        Microsoft Internet Explorer 5.0.1 SP2
        
        Microsoft Internet Explorer 5.5 SP2
        

- Vulnerability information (21118)

Microsoft Internet Explorer 5 Zone Spoofing Vulnerability (EDBID:21118)
windows remote
2001-10-10 Verified
0 kikkert security
N/A
source: http://www.securityfocus.com/bid/3420/info

Microsoft Internet Explorer contains a security-setting feature that can be modified according to a user's preferences. These settings control what actions a web site can take on a user's system.

A vulnerability exists in Internet Explorer that could allow a web site to be viewed in the Local Intranet Zone rather than the Internet Zone, thus allowing content to be viewed with less-restrictive security settings.

Converting the IP address of the target web site into a dotless IP address, and submitting it, will cause Internet Explorer to view the web site in the Local Intranet zone.

* Microsoft Security Bulletin MS01-055 states that there is a new variant of this issue, although no technical details have been provided. A cumulative patch has been released and IE 5.5 users are encouraged to install it. 

Example:

An option in a basic authenticated site is to pass on a username (and/or
password) in the URL like this:

http://mike@msdn.microsoft.com

Another possibility is to convert an IP address into a dotless IP address;
such an address is also called a DWORD address (some proxy servers, routers
or web servers do not allow this).

http://msdn.microsoft.com - IP: 207.46.239.122

Convert this IP address to a DWORD address:

207 * 16777216 = 3472883712
46 * 65536 = 3014656
239 * 256 = 61184
122 * 1 = 122
------------------------------------------------ +
= 3475959674

This DWORD address can be used to visit the site like:

http://3475959674

If we combine the URL login option with the DWORD IP address we'll get the
following URL:

http://mike@3475959674

The browser still thinks we are in the internet zone as expected.

Now we change the @ sign to its ASCII equivalent (%40):


------------------------
http://mike%403475959674
------------------------ 		
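
A defensive check for the URL forms shown above, as an added example (not part of the original advisory or of any Microsoft code): it decodes `%40`, drops the userinfo part, and flags an all-decimal host as a dotless IPv4 address, reporting the dotted address it stands for so a filter or log review can treat it as the Internet host it really is. The function names, the `167772161` control and the `intranet-portal` hostname are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import unquote, urlsplit


def dotted_to_dword(dotted: str) -> int:
    """Base-256 sum from the advisory: 207.46.239.122 -> 3475959674."""
    return int(ipaddress.IPv4Address(dotted))


def effective_host(url: str) -> str:
    """Host actually contacted once %40 is decoded and userinfo is dropped."""
    netloc = unquote(urlsplit(url).netloc)   # mike%403475959674 -> mike@3475959674
    host = netloc.rsplit("@", 1)[-1]         # discard "user[:password]@"
    return host.split(":", 1)[0].lower()     # discard ":port" (IPv4/name hosts only)


def classify(url: str) -> dict:
    """Flag all-decimal hosts and report the dotted address they stand for."""
    host = effective_host(url)
    verdict = {"host": host, "dotless_ip": None, "public": None, "flag": False}
    if host.isascii() and host.isdigit() and int(host) <= 0xFFFFFFFF:
        addr = ipaddress.IPv4Address(int(host))
        verdict.update(dotless_ip=str(addr), public=not addr.is_private, flag=True)
    return verdict


# Constructed sample input: the URL forms from the advisory plus two controls.
SAMPLES = [
    "http://mike@msdn.microsoft.com",
    "http://3475959674",
    "http://mike%403475959674",
    "http://167772161/",          # constructed: dotless form of 10.0.0.1
    "http://intranet-portal/",    # hypothetical single-label intranet name
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, classify(url))
```
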

- Vulnerability information

1971
Microsoft IE Dotless IP Zone Spoofing Weakness
Context Dependent Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Microsoft Internet Explorer contains a flaw related to the way dotless IP addresses are classified with respect to their security zone. This flaw may allow an attacker to have Internet Explorer interpret a site of the Internet security zone as a site of the Intranet security zone and therefore execute in a context of lower security.

- Timeline

2001-10-10 Unknown
2011-10-10 Unknown

- Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): increase the security settings of the Intranet security zone to match the security settings of the Internet security zone.

- Related references

- Vulnerability author

 

 
