[原文]Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution."
[CNNVD]Microsoft Internet Explorer Dialog Style同源策略绕过漏洞(CNNVD-200305-018)
Microsoft Internet Explorer是一款流行的WEB服务程序。 MSIE对对话窗口格式(dialog style)参数缺少正确检查,远程攻击者可以利用这个漏洞构建恶意WEB页面,诱使用户点击,绕过安全区域检查,导致敏感信息泄露,或者脚本以在安全区域中执行。 MSIE包含通过脚本调用showModalDialog和showModelessDialog函数支持对话窗口,这些函数接收URL定位作为对话内容,和一选项参数允许数据从调用页面传递给对话窗口。另外,各种格式可以从调用页面中应用到对话框中。 MSIE存在安全检查以确保从调用页面传递给对话框的数据是来自同一域,这就可以防止第三方插入任意内容到任意对话框。但是,如果脚本代码插入对话框格式参数中,MSIE就没有对此进行正确检查。 因此攻击者可以利用这个漏洞构建恶意WEB页面,诱使用户点击,导致恶意内容插入到敏感对话框中,可以使恶意脚本在敏感安全区域如本地电脑安全区域中执行。
Microsoft Internet Explorer是一款流行的WEB服务程序。 MSIE对对话窗口格式(dialog style)参数缺少正确检查,远程攻击者可以利用这个漏洞构建恶意WEB页面,诱使用户点击,绕过安全区域检查,导致敏感信息泄露,或者脚本以在安全区域中执行。 MSIE包含通过脚本调用showModalDialog和showModelessDialog函数支持对话窗口,这些函数接收URL定位作为对话内容,和一选项参数允许数据从调用页面传递给对话窗口。另外,各种格式可以从调用页面中应用到对话框中。 MSIE存在安全检查以确保从调用页面传递给对话框的数据是来自同一域,这就可以防止第三方插入任意内容到任意对话框。但是,如果脚本代码插入对话框格式参数中,MSIE就没有对此进行正确检查。 因此攻击者可以利用这个漏洞构建恶意WEB页面,诱使用户点击,导致恶意内容插入到敏感对话框中,可以使恶意脚本在敏感安全区域如本地电脑安全区域中执行。
Microsoft Internet Explorer does not properly check the Cascading Style Sheet input parameter for Modal dialog. This may allow a remote attacker to read files on the local system via a web page containing malicious script that creates a dialog and then accesses the target files. The flaw is in the showModalDialog() function.
-
时间线
2002-12-03
Unknow
2002-12-03
Unknow
-
解决方案
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.
Discovery is credited to Liu Die Yu <liudieyuinchina@yahoo.com.cn>.
-
受影响的程序版本
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0.1 SP1
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP2
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0 SP1
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Enterprise Server 4.0
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP2
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0 SP1
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Server 4.0
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP2
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0 SP1
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Terminal Server 4.0
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0.1
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
+
Microsoft Windows ME
+
Microsoft Windows ME
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP6
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP5
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP4
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP6
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP5
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP4
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Enterprise Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP6
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP5
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP4
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP6
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP5
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP4
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Terminal Server 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP2
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server SP1
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Advanced Server
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP2
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server SP1
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Datacenter Server
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP2
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server SP1
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Server
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP2
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services SP1
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 2000 Terminal Services
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows 98SE
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows ME
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Enterprise Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Terminal Server 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6a
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Standard Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows Server 2003 Web Edition
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Home
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
+
Microsoft Windows XP Professional
Microsoft Internet Explorer 6.0
+
Microsoft Windows Server 2003 SP2
+
Microsoft Windows Server 2003 Sp1 X64
+
Microsoft Windows Server 2003
-
漏洞讨论
Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and an option argument parameter to allow data to be passed to the dialog from the calling page. Additionally, various styles can be applied to the dialog from the calling page.
A check is done to ensure that data is only passed to dialogs located in the same domain as the calling page. This prevents a malicious party from injecting content into arbitrary dialogs. However, if script code is injected into the style parameters of the dialog, it is not subject to this check.
Exploitation may allow malicious content to be inserted into sensitive dialogs. Execution of arbitrary script within the Local Computer Zone has been demonstrated.
This issue was also described in BID 7417 Multiple Microsoft Internet Explorer Vulnerabilities.