CVE-2003-0470
CVSS 7.5
Published: 2003-08-07 00:00:00
Last modified: 2016-10-17 22:34:12

[Original] Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings.


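[CNNVD] Symantec Security Check RuFSI ActiveX Control Remote Buffer Overflow Vulnerability (CNNVD-200308-036)

        Symantec Security Check is a free web-based tool that lets users run a secure online check of their own computers. While the check runs, the user installs an ActiveX control.
        The current Symantec RuFSI Utility Class or Symantec RuFSI Registry Information Class lacks proper buffer boundary checks when invoked with overly long strings. A remote attacker can exploit this vulnerability to carry out a buffer overflow attack and may execute arbitrary commands on the system with the privileges of the user's browser process.
        An attacker can build a malicious site and lure users into visiting it, causing the control to process an overly long string and trigger the vulnerability.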
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

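- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definition found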

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0470
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0470
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-036
(Official data source) CNNVD

- Other Links and Resources

http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006014.html
(UNKNOWN)  FULLDISC  20030622 Symantec ActiveX control buffer overflow
http://marc.info/?l=bugtraq&m=105647537823877&w=2
(UNKNOWN)  BUGTRAQ  20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow
http://securitytracker.com/id?1007029
(UNKNOWN)  SECTRACK  1007029
http://www.kb.cert.org/vuls/id/527228
(UNKNOWN)  CERT-VN  VU#527228
http://www.securityfocus.com/bid/8008
(UNKNOWN)  BID  8008
http://xforce.iss.net/xforce/xfdb/12423
(UNKNOWN)  XF  symantec-security-activex-bo(12423)

- Vulnerability Information

Symantec Security Check RuFSI ActiveX Control Remote Buffer Overflow Vulnerability
High risk  Boundary condition error
2003-08-07 00:00:00 2005-10-20 00:00:00
Remote
        
        

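- Advisories and Patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Restart the system and delete the ActiveX control at the following location:
        %System%\Downloaded Program Files\rufsi.dll
        Vendor patch:
        Symantec
        --------
        A new ActiveX control is available. Symantec advises users to visit Symantec Security Check and re-run the security check, which downloads the new control and overwrites the vulnerable one:

        http://www.symantec.com/securitycheck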

- Vulnerability Information (22816)

Symantec Security Check RuFSI ActiveX Control Buffer Overflow Vulnerability (EDBID:22816)
windows dos
2003-06-23 Verified
0 Cesar Cerrudo
N/A
source: http://www.securityfocus.com/bid/8008/info

It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code with the privileges of the user executing the web browser. 

<object classid="clsid:69DEAF94-AF66-11D3-BEC0-00105AA9B6AE" id="test">
</object>

<script>
test.CompareVersionStrings("long string here","or long string here")
</script>

		

- Vulnerability Information

2208
Symantec Security Check RuFSI ActiveX Overflow
Remote / Network Access, Context Dependent Input Manipulation
Loss of Integrity

- Vulnerability Description

Symantec Security Check contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable system. The issue is due to the Symantec RuFSI Utility Class or Symantec RuFSI Registry Information Class ActiveX controls which contain a buffer overflow. With a specially crafted web page, an attacker can overflow the buffer which will allow remote code execution on a system with these ActiveX controls installed.

- Timeline

2003-06-23 Unknown
Unknown Unknown

- Solution

Visit the Symantec Security Check web site and re-run the Security Check. This will update the old and potentially vulnerable ActiveX control.

- Related References

- Vulnerability Author

- Vulnerability Information

Symantec Security Check RuFSI ActiveX Control Buffer Overflow Vulnerability
Boundary Condition Error 8008
Yes No
2003-06-23 12:00:00 2009-07-12 05:56:00
Discovery credited to Cesar Cerrudo.

- Affected Program Versions

Symantec RuFSI Utility Class 0

- Vulnerability Discussion

It has been reported that the RuFSI Utility Class is vulnerable to a boundary condition error when invoked with long strings. This could potentially lead to the execution of code with the privileges of the user executing the web browser.

- Exploit

The following proof of concept code has been made available by Cesar Cerrudo:

<object classid="clsid:69DEAF94-AF66-11D3-BEC0-00105AA9B6AE" id="test">
</object>

<script>
test.CompareVersionStrings("long string here","or long string here")
</script>

- Solution

A new version of the ActiveX control is available. Symantec advises users who have recently visited Symantec Security Check to re-run a new Security Scan. This will cause the previous ActiveX control to be replaced with one that is not vulnerable to this issue.

- Related References

 

 
