CVE-2004-0845
CVSS6.4
发布时间 :2004-11-03 00:00:00
修订时间 :2016-10-17 22:49:29
NMCOPS    

[原文]Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.


[CNNVD]Microsoft Windows Internet Explorer SSL缓存漏洞(MS04-038)(CNNVD-200411-028)

        
        Microsoft Internet Explorer是一款流行的WEB浏览器。
        Microsoft Internet Explorer处理验证从SSL保护WEB站点的缓存内容时存在伪造问题,远程攻击者可以利用这个漏洞在安全加强的WEB站点上运行他们选择的脚本。
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:ie:6:windows_server_2003_sp1
cpe:/a:microsoft:ie:5.01Microsoft Internet Explorer 5.01
cpe:/a:microsoft:ie:5.5Microsoft ie 5.5

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:7611IE v5.01,SP3 SSL Cached Content Vulnerability
oval:org.mitre.oval:def:5740IE v6.0,SP1 SSL Cached Content Vulnerability
oval:org.mitre.oval:def:5520IE v5.5, SP2 SSL Cached Content Vulnerability
oval:org.mitre.oval:def:5150IE v5.01, SP4 SSL Cached Content Vulnerability
oval:org.mitre.oval:def:3872IE v6.0,SP1 (Server 2003) SSL Cached Content Vulnerability
oval:org.mitre.oval:def:2219IE v6.0 SSL Cached Content Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0845
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0845
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-028
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=109770364504803&w=2
(UNKNOWN)  BUGTRAQ  20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer
http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
(UNKNOWN)  MISC  http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
http://www.kb.cert.org/vuls/id/795720
(VENDOR_ADVISORY)  CERT-VN  VU#795720
http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx
(PATCH)  MS  MS04-038
http://www.us-cert.gov/cas/techalerts/TA04-293A.html
(VENDOR_ADVISORY)  CERT  TA04-293A
http://xforce.iss.net/xforce/xfdb/17651
(UNKNOWN)  XF  ie-ms04038-patch(17651)
http://xforce.iss.net/xforce/xfdb/17654
(VENDOR_ADVISORY)  XF  ie-cache-ssl-obtain-information(17654)

- 漏洞信息

Microsoft Windows Internet Explorer SSL缓存漏洞(MS04-038)
中危 其他
2004-11-03 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft Internet Explorer是一款流行的WEB浏览器。
        Microsoft Internet Explorer处理验证从SSL保护WEB站点的缓存内容时存在伪造问题,远程攻击者可以利用这个漏洞在安全加强的WEB站点上运行他们选择的脚本。
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS04-038)以及相应补丁:
        MS04-038:Cumulative Security Update for Internet Explorer (834707)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx

        补丁下载:
        Internet Explorer 5.01 Service Pack 3 on Windows 2000 SP3
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=2D8E8E97-4946-4994-924B-1FB1DC1881BA&displaylang=en

        
        Internet Explorer 5.01 Service Pack 4 on Windows 2000 SP4
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=72DBE239-AF0A-42B5-B88C-A00371F6EC81&displaylang=en

        
        Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=BE27F77C-3C2D-45F1-86DF-2B71799DA169&displaylang=en

        
        Internet Explorer 6 on Windows XP
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=A89CFBE8-C299-415D-A9D6-7CC6429C547D&displaylang=en

        
        Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, on Microsoft Windows XP, or on Microsoft Windows XP Service Pack 1
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=7C1404E6-F5D4-4FED-9573-DD83F2DFF074&displaylang=en

        
        Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=DE8D94C4-7F58-4CE7-B8BD-51CFD795B03E&displaylang=en

        
        Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=C05103E8-4402-4D54-BA03-FBBC24142E4D&displaylang=en

        
        Internet Explorer 6 for Windows Server 2003
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=19E69E5F-9C98-49AD-A61F-4F82A4014412&displaylang=en

        
        Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=566C2A05-2513-4E30-A3EA-87D4BF7F9730&displaylang=en

        
        Internet Explorer 6 for Windows XP Service Pack 2
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=CF47B515-3F51-43E1-9246-2C2264C49E2E&displaylang=en

- 漏洞信息 (F34709)

ACROS Security Problem Report 2004-10-13.1 (PacketStormID:F34709)
2004-10-24 00:00:00
Mitja Kolsek,ACROS Security  acrossecurity.com
advisory,web
CVE-2004-0845
[点击下载]

ACROS Security Problem Report #2004-10-13-1 - The public report released discussing the poisoning of cached HTTPS documents in Internet Explorer including workarounds and mitigating factors.

Below please find our public report for the HTTPS cache poisoning issue in
Internet Explorer. It includes workarounds for server operators, allowing
them to protect their web services without having to rely on users to patch
their browsers.

Regards,

ACROS Security
http://www.acrossecurity.com


=====[BEGIN-ACROS-REPORT]=====

PUBLIC

=========================================================================
ACROS Security Problem Report #2004-10-13-1
-------------------------------------------------------------------------
ASPR #2004-10-13-1: Poisoning Cached HTTPS Documents in Internet Explorer 
=========================================================================

Document ID:     ASPR #2004-10-13-1-PUB
Vendor:          Microsoft (http://www.microsoft.com)
Target:          Internet Explorer
Impact:          Arbitrarily modifying the content of HTTPS pages shown
                 in Internet Explorer
Severity:        High
Status:          Official patch available, workarounds available
Discovered by:   Mitja Kolsek of ACROS Security

Current version 
   http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt


Summary
=======

Under specific circumstances, Internet Explorer does not warn the user about

an invalid server SSL certificate. This allows an attacker to "poison" a 
user's browser cache with a malicious document that will later be used from 
cache when the user visits the legitimate site. Furthermore, once the user
is 
on the legitimate site and the malicious document is used from browser's 
cache, even manual inspection of the document's certificate will not reveal 
anything suspicious - in contrast to most other SSL content-faking 
vulnerabilities, where manual certificate inspection alerts the user about
the 
attack.

The attacker can exploit this vulnerability for "replacing" HTML documents, 
images, script files (.js), cascading style sheet files (.css) and other 
static documents on a legitimate secured web server, thereby possibly 
completely compromising the component of its security provided by the SSL 
protocol.


Product Coverage
================

- Internet Explorer 6 - affected

All patches applied, up to and excluding Cumulative Security Update for 
Internet Explorer (834707).
Note: Windows XP Service Pack 2 resolves the issue on Windows XP.

Other versions may also be affected.


Analysis
========

In 1999, our company has informed Microsoft about a vulnerability [1] in 
Internet Explorer that allowed the attacker to force IE to communicate with
a 
malicious web server over HTTPS without the browser issuing a warning about
an 
invalid SSL certificate used by that server. To summarize, IE did not check 
the validity of SSL certificates for (1) connections with web servers with 
which a successful SSL connection has previously been established, and for
(2) 
connections established via images or (i)frames. Microsoft has subsequently 
fixed both aspects of this vulnerability.

Recently, we've discovered a somewhat similar security problem in Internet 
Explorer, although one which does not pose such an obvious threat. Under 
certain circumstances, Internet Explorer again doesn't perform all three of
the required SSL certificate validations.

The threat is not obvious since it is very unlikely that a secure production

site would provide such circumstances. However, we have found an attack
vector 
that allows the attacker to "replace" arbitrary static documents on a
secured 
web server using only DNS spoofing and little or no social engineering. 
Furthermore, the attack can take place any time before the user actually 
visits the "attacked" web server (note: actually, the browser is attacked,
not 
the server), and the user may even restart his computer in between.

The key to the attack is browser's cache (temporary internet files). IE by 
default caches all documents except those which web servers instruct it not
to 
cache. While there is a "Do not save encrypted pages to disk" option in IE,
it 
is turned off by default, which means that HTTPS documents are cached by
default. 

When a web server includes a "Last-Modified" header in its response
containing 
a document, IE remembers its value and when it subsequently needs the same
document again, includes an "If-Modified-Since" header in its request for 
the document. The web server, receiving an "If-Modified-Since" header,
checks 
whether the document it hosts is newer than the one browser claims it has 
cached, and sends the document to browser only if it is newer - otherwise,
it 
returns a "304" (meaning "Not Modified") response, instructing the browser
to
use the locally cached copy.

Using the discovered vulnerability in IE, the attacker can covertly "poison"

browser's cache with a fake document that seemingly comes from a legitimate 
secured web server while the user opens a page on a malicious web server.
This 
fake document can be used to effectively replace an image or HTML (e.g., a 
login form) on the legitimate server, or even to introduce a malicious
script 
that will, for example, steal visitors' credentials and send them to the 
attacker.

What the attacker needs to do in order to execute the attack is this:

1. Temporarily poison the user's DNS server or send a fake DNS response to
the 
user's browser ("man in the middle") to redirect requests for the legitimate

secured web server to a malicious web server. 

2. Set up a malicious web server hosting a fake document that will poison
the 
user's browser cache. 

3. Make the user's browser visit the malicious web server, either using
social 
engineering or by modifying the HTTP traffic from/to the browser ("man in
the 
middle"). 

4. Wait for the user to visit the legitimate secured web site where the fake

document will be used instead of the real one, possibly introducing
malicious 
scripts, fake images or fake text.

Two important facts distinguish this attack from many other attacks on SSL-
protected sites:

A. The active component of the attack takes place before the user actually 
visits the targeted web site (e.g., a web-banking site). No attacker's 
activity is required during the user's visit of the legitimate ("spoofed")
web 
site. Furthermore, there can be a long pause between steps 3 and 4 above, 
during which the user can restart his computer any number of times. The only

serious limitation is that the user must not manually delete the browser's 
cache (and hence the fake document) during this period. 

B. Once on the legitimate secured site, the user has no way to determine
that 
a fake document (be it an image or an HTML document) is not legitimate -
even 
a manual SSL certificate inspection will show that the document has come
from 
the legitimate server. This is, by the way, not the case in most "URL 
obfuscation" attacks that only modify the apparent URL for web sites or 
documents and try to trick the user into believing that he is actually 
visiting some other site - these attacks can generally be detected at least
by 
manual certificate inspection.

Some additional notes regarding this vulnerability:

- While it may be tempting to think that the described attack requires quite
a 
resourceful attacker (poisoning DNS response, getting the user to visit a 
malicious web server), we should remember that SSL (and HTTPS) protocol is 
being used for defending against this exact type of attacker - the attacker 
being able to monitor and possibly modify network traffic between browser
and 
server. 

- The attacker can use any web server certificate issued by any one of the 
IE's trusted issuers (currently 109 of them!), which can be long expired and

issued for any host name. A useable certificate can also be bought by any 
commercial trusted CA like Verisign or Thawte. 

- It seems that IE will always send en explicit GET for the first request in

an HTTPS connection - for example, in case of index.html with three inline 
images, index.html will be, as the first request, requested unconditionally 
(i.e., without "If-Modified-Since" header), while the images will be
requested 
with "If-Modified-Since" header. Consequently, it is easier to successfully 
poison documents that are loaded from another document, e.g., images, script

files or style sheet files. However, HTML documents can also be successfully

poisoned as long as they're not the first to be requested over an HTTPS 
connection. 

- Malicious scripts can also be introduced via fake cascading style sheets.

- The attacker can only poison sites that respect "If-Modified-Since"
headers. 
Furthermore, the attacker can only poison documents (HTML documents, images,

.JS files etc.) that the web server considers static and therefore subject
to 
"If-Modified-Since" logic. 

- It makes no difference if the targeted web server tries to make sure its 
pages aren't written to browser's cache (using cache-related HTTP response 
headers). The attacker's malicious server will always be able to demand its 
fake page to be cached and there's nothing the legitimate web server can do
to
prevent it. 

- Caching HTTP proxy servers in general have no effect on this vulnerability
as HTTPS sessions run through them encrypted. Proxy servers that actually
decrypt and re-encrypt the traffic can either mitigate, or even escalate
the issue, depending on their logic.


Mitigating Factors
==================

1) Browsers with the "Do not save encrypted pages to disk" option enabled
are 
not affected by this issue as the fake document(s) can't be written to 
browser's cache. 

2) Web servers that ignore browser's "If-Modified-Since" header and always 
send the requested document are not "spoofable" using this vulnerability.


Solution
========

Cumulative Security Update for Internet Explorer (834707) was released,
which 
fixes this issue. Affected users can install it via Windows Update or by 
downloading it from
http://www.microsoft.com/technet/security/bulletin/ms04-038.mspx

Note that Windows XP Service Pack also fixes this issue on Windows XP.


Workarounds
===========

Browser
-------

Turning the option "Do not save encrypted pages to disk" on will disable the

cache poisoning attack. Deleting the browser's temporary files is advised 
afterwards to remove any malicious documents.

Servers
-------

If you're running a critical web site and don't want to rely on your
visitors 
to install the patch, implement a workaround or even know about this issue, 
there are steps you can take to protect them. As the described attack relies

on the fact that the browser will (re)use a cached page when the web server 
responds with "304 - Not Modified" response, preventing the server from ever

sending such a response will thwart it. Following, we provide specific 
solutions for IIS and Apache web servers. All solutions are aimed at
removing 
"If-Modified-Since" headers from browsers' requests, effectively bypassing 
server's "Not Modified" functionality.

Internet Information Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We wrote a simple, minimum overhead ISAPI filter (24 lines of code) that 
intercepts browsers' requests and removes any "If-Modified-Since" headers
from 
it. The filter is available on our web site at 
http://www.acrossecurity.com/aspr/misc/if-modified-since-eliminator.zip 
(Visual C++ project)

[Remember to always review the source code before using it!]

Apache 1.3
~~~~~~~~~~
Edi Weitz from Germany wrote a simple Apache module called
mod_header_modify, 
specifically intended for changing incoming HTTP headers. This module can be

used for eliminating "If-Modified-Since" headers from incoming requests
using
the following directives in httpd.conf:

HeaderModify on
HeaderModifyRemove If-Modified-Since

mod_header_modify module can be downloaded from 
http://weitz.de/mod_header_modify.html
Note: Apache must be built with DSO support.

[Remember to always review the source code before using it!]

Apache 2.0
~~~~~~~~~~
Apache 2.0 already comes with mod_headers module. Rebuild Apache with this
module included and use the following directive in httpd.conf:

RequestHeader unset If-Modified-Since


Acknowledgments
===============

We would like to acknowledge Microsoft Security Response Center for prompt
and professional response to our notification of the identified
vulnerability.


References
==========

[1] ACROS Security, "Bypassing Warnings For Invalid SSL Certificates In 
    Internet Explorer"
    http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt


Company Information
===================

ACROS d.o.o.
Makedonska ulica 113
SI - 2000 Maribor

e-mail: security@acrossecurity.com
web:    http://www.acrossecurity.com
phone:  +386 2 3000 280
fax:    +386 2 3000 282

ACROS Security PGP Key
   http://www.acrossecurity.com/pgpkey.asc
   [Fingerprint: FE9E 0CFB CE41 36B0 4720 C4F1 38A3 F7DD]

ACROS Security Advisories
   http://www.acrossecurity.com/advisories.htm

ACROS Security Papers
   http://www.acrossecurity.com/papers.htm

ASPR Notification and Publishing Policy
   http://www.acrossecurity.com/asprNotificationAndPublishingPolicy.htm


Disclaimer
==========

The content of this report is purely informational and meant only for the
purpose of education and protection. ACROS d.o.o. shall in no event be
liable for any damage whatsoever, direct or implied, arising from use or
spread of this information. All identifiers (hostnames, IP addresses,
company names, individual names etc.) used in examples and demonstrations
are used only for explanatory purposes and have no connection with any
real host, company or individual. In no event should it be assumed that
use of these names means specific hosts, companies or individuals are
vulnerable to any attacks nor does it mean that they consent to being used
in any vulnerability tests. The use of information in this report is
entirely at user's risk.


Revision History
================

October 13, 2004: Initial release


Copyright
=========

(c) 2004 ACROS d.o.o. Forwarding and publishing of this document is
permitted providing the content between "[BEGIN-ACROS-REPORT]" and
"[END-ACROS-REPORT]" marks remains unchanged.

=====[END-ACROS-REPORT]=====

    

- 漏洞信息 (F34701)

ms04-038.html (PacketStormID:F34701)
2004-10-24 00:00:00
Mitja Kolsek,John Heasman,Greg Jones  microsoft.com
advisory,vulnerability
CVE-2004-0842,CVE-2004-0727,CVE-2004-0216,CVE-2004-0839,CVE-2004-0844,CVE-2004-0843,CVE-2004-0841,CVE-2004-0845
[点击下载]

Microsoft Security Advisory MS04-038 - Multiple Internet Explorer vulnerabilities have been patched by Microsoft. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

- 漏洞信息

10709
Microsoft IE SSL Cached Content Spoofing
Remote / Network Access Cryptographic, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- 漏洞描述

Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the improper handling of cached SSL contents, which will disclose information resulting in a loss in confidentiality It will also allow content on SSL-protected websites to be spoofed, resulting in a loss of integrity.

- 时间线

2004-10-12 Unknow
Unknow Unknow

- 解决方案

Install Microsoft security update MS04-038, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Change advanced security settings to not save encrypted pages to disk. 1. In Internet Explorer, click Internet Options on the Tools menu. 2. Click the Advanced tab. 3. Under Settings, scroll to Security. 4. Under Settings, in the Security section, click Do not save encrypted pages to disk. 5. Click OK two times to return to Internet Explorer.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft Internet Explorer Secure Sockets Layer Caching Vulnerability
Failure to Handle Exceptional Conditions 11383
Yes No
2004-10-12 12:00:00 2009-07-12 07:06:00
Discovery of this vulnerability is credited to Mitja Kolsek of ACROS Security.

- 受影响的程序版本

Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP4
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
+ Microsoft Windows ME
+ Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft

- 不受影响的程序版本

Microsoft Internet Explorer 6.0 SP2 - do not use

- 漏洞讨论

Microsoft Internet Explorer is reported prone to a Secure Sockets Layer caching vulnerability.

It is reported that arbitrary content may be cached to the computer that is viewing a malicious site when this vulnerability is exploited. This cached content will be rendered in the context of a legitimate site when a legitimate site is viewed.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Microsoft has released a cumulative update for supported versions of Internet Explorer to address this and other vulnerabilities.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Customers are advised to follow Microsoft.s guidance for applying patches. Please see the referenced Avaya advisory at the following location for further details:

http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()


Microsoft Internet Explorer 6.0 SP1

Microsoft Internet Explorer 5.5 SP2

Microsoft Internet Explorer 6.0

Microsoft Internet Explorer 5.0.1 SP3

Microsoft Internet Explorer 5.0.1 SP4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站