CVE-2003-0111
CVSS 7.5
Published: 2003-05-05 00:00:00
Last revised: 2008-09-10 15:17:57

[Original] The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."


[CNNVD] Microsoft Java Virtual Machine Arbitrary Code Execution Vulnerability (MS03-011) (CNNVD-200305-009)

        
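Microsoft JVM is a Java virtual machine for the Win32 operating environment. It is included in most versions of Windows and also in most versions of Internet Explorer.
The ByteCode Verifier component of the Microsoft Java virtual machine does not correctly check certain malicious code. A remote attacker can exploit this vulnerability by building a malicious page and luring a user to visit it, possibly executing arbitrary commands on the system with the privileges of the user's process.
The problem is an input validation error in the ByteCode Verifier component: when a Java applet is loaded, certain malicious transfer-sequence code is not checked. An attacker can build a malicious Java applet, embed it in a web page and lure a user to visit it; the malicious applet can then execute arbitrary code with the user's privileges.
An attacker can also trigger this vulnerability via e-mail.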
        

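- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]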

- CPE (Affected Platforms and Products)

cpe:/o:microsoft:windows_2000::sp1:professional  Microsoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_2000_terminal_services::sp3
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_2000::sp1:datacenter_server  Microsoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_2000::sp3:professional  Microsoft Windows 2000 Professional SP3
cpe:/o:microsoft:windows_2000::sp1:server  Microsoft Windows 2000 Server SP1
cpe:/o:microsoft:windows_2000::sp3:datacenter_server  Microsoft Windows 2000 Datacenter Server SP3
cpe:/o:microsoft:windows_2000::sp3:advanced_server  Microsoft Windows 2000 Advanced Server SP3
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:microsoft:windows_2000::sp2:datacenter_server  Microsoft Windows 2000 Datacenter Server SP2
cpe:/a:microsoft:virtual_machine:3809
cpe:/o:microsoft:windows_2000:::server
cpe:/o:microsoft:windows_2000::sp2:advanced_server  Microsoft Windows 2000 Advanced Server SP2
cpe:/o:microsoft:windows_2000::sp1:advanced_server  Microsoft Windows 2000 Advanced Server SP1
cpe:/o:microsoft:windows_2000::sp3:server  Microsoft Windows 2000 Server SP3
cpe:/o:microsoft:windows_2000::sp2:professional  Microsoft Windows 2000 Professional SP2
cpe:/a:microsoft:virtual_machine:3802
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000::sp2:server  Microsoft Windows 2000 Server SP2
cpe:/o:microsoft:windows_2000:::professional
cpe:/a:microsoft:virtual_machine:3805
cpe:/o:microsoft:windows_2000_terminal_services

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:136  Microsoft Java Virtual Machine Security Bypass
oval:gov.nist.fdcc.patch:def:11526  MS03-011: Flaw in Microsoft VM Could Enable System Compromise (816093)
oval:gov.nist.USGCB.patch:def:11526  MS03-011: Flaw in Microsoft VM Could Enable System Compromise (816093)
* OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definitions.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0111
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0111
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200305-009
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/447569
(VENDOR_ADVISORY)  CERT-VN  VU#447569
http://www.microsoft.com/technet/security/bulletin/ms03-011.asp
(VENDOR_ADVISORY)  MS  MS03-011
http://www.iss.net/security_center/static/11751.php
(VENDOR_ADVISORY)  XF  msvm-bytecode-improper-validation(11751)

- Vulnerability Information

Microsoft Java Virtual Machine Arbitrary Code Execution Vulnerability (MS03-011)
High risk  Design error
2003-05-05 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and Patches

Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS03-011) and a corresponding patch for this issue:
MS03-011: Flaw in Microsoft VM Could Enable System Compromise (816093)
Link:
http://www.microsoft.com/technet/security/bulletin/MS03-011.asp

Users can update Microsoft VM through Windows Update (http://windowsupdate.microsoft.com/).
Users of Windows 2000 Service Packs 2 & 3 can obtain the patch at the following addresses:
All except Japanese NEC

http://microsoft.com/downloads/details.aspx?FamilyId=DD870EAC-69EF-4287-9A07-6C740F162644&displaylang=en

NEC Japanese

http://microsoft.com/downloads/details.aspx?FamilyId=DD870EAC-69EF-4287-9A07-6C740F162644&displaylang=en

- Vulnerability Information (22027)

Microsoft Java Virtual Machine 3802 Series Bytecode Verifier Vulnerability (EDBID:22027)
windows remote
2002-11-21 Verified
0 Last Stage of Delirium
N/A [Click to download]
source: http://www.securityfocus.com/bid/6221/info

The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox.

An applet constructed at the bytecode-level may be able to perform some illegal operations. If these operations are performed, it may be possible to escape the security constraints placed on the applet by the JVM.

Code execution with the privileges of the victim user may be possible.

http://www.exploit-db.com/sploits/22027-1.tar.gz

http://www.exploit-db.com/sploits/22027-2.tar.gz

http://www.exploit-db.com/sploits/22027-3.tar.gz		

- Vulnerability Information

2969
Microsoft VM Bytecode Verifier Execute Arbitrary Code

- Vulnerability Description

Microsoft Virtual Machine (VM) may allow remote attackers to bypass security checks and execute arbitrary code. This flaw is due to the ByteCode Verifier component, which does not check for the presence of certain malicious code when a Java applet is loaded. This can be exploited by placing the malicious code in an HTML document and luring a vulnerable machine to load it via Internet Explorer or a mail reader.

- Timeline

2002-11-21 Unknown
2002-11-21 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Microsoft Java Virtual Machine Bytecode Verifier Vulnerability
Design Error 6221
Yes No
2002-11-21 12:00:00 2009-07-11 07:16:00
Discovery of this vulnerability credited to Last Stage of Delirium <contact@lsd-pl.net>.

- Affected Software Versions

Microsoft Windows 2000 Terminal Services SP3
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Terminal Services
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Virtual Machine 3809 Series
Microsoft Virtual Machine 3805 Series
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.0
Microsoft Virtual Machine 3802 Series
+ Microsoft Internet Explorer 5.0.1
+ Microsoft Internet Explorer 4.0.1
+ Microsoft Internet Explorer 5.5
+ Microsoft Internet Explorer 5.0
+ Microsoft Internet Explorer 4.0
Microsoft Virtual Machine 3810 Series

- Unaffected Software Versions

Microsoft Virtual Machine 3810 Series

- Vulnerability Discussion

The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox.

An applet constructed at the bytecode-level may be able to perform some illegal operations. If these operations are performed, it may be possible to escape the security constraints placed on the applet by the JVM.

Code execution with the privileges of the victim user may be possible.

- Exploit

Last Stage of Delirium <contact@lsd-pl.net> have provided the following proof of concept code:

- Solution

This vulnerability does not affect the Microsoft JVM Build 3810 and later. Affected users are advised to download and install patches from Windows Update.

Windows 2000 Patches available:


Microsoft Windows 2000 Server SP2

Microsoft Windows 2000 Advanced Server SP3

Microsoft Windows 2000 Advanced Server SP2

Microsoft Windows 2000 Datacenter Server SP3

Microsoft Windows 2000 Terminal Services SP3

Microsoft Windows 2000 Server SP3

Microsoft Windows 2000 Datacenter Server SP2

Microsoft Windows 2000 Terminal Services SP2

Microsoft Windows 2000 Professional SP3

Microsoft Windows 2000 Professional SP2

- Related References

 

 
