CVE-2004-1319
CVSS5.0
发布时间 :2004-12-15 00:00:00
修订时间 :2008-09-10 15:29:52
NMCOS    

[原文]The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.


[CNNVD]Microsoft DHTML编辑组件远程缓冲区溢出漏洞(MS05-013)(CNNVD-200412-065)

        
        DHTML编辑组件ActiveX控件为动态WEB站点提供HTML编辑功能。
        Microsoft DHTML编辑组件ActiveX控件存在一个跨域漏洞,远程攻击者可以利用这个漏洞获得目标用户敏感信息或在目标系统上执行任意代码。
        攻击者可以构建一个恶意WEB链接,诱使用户点击,可以以用户进程权限在系统上执行任意代码。目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_meMicrosoft Windows ME
cpe:/o:microsoft:windows_98::goldMicrosoft windows 98_gold
cpe:/o:microsoft:windows_2000::sp1:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_2003_server:r2::64-bit
cpe:/o:microsoft:windows_2000::sp3:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP3
cpe:/o:microsoft:windows_xp::gold:professionalMicrosoft Windows XP Professional Gold
cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit
cpe:/o:microsoft:windows_2000::sp2:advanced_serverMicrosoft Windows 2000 Advanced Server SP2
cpe:/a:nortel:mobile_voice_client_2050Nortel Mobile Voice Client 2050
cpe:/o:microsoft:windows_2000::sp2:professionalMicrosoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_2003_server:enterprise::64-bit
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_xp::sp1:64-bit
cpe:/o:microsoft:windows_2000:::professional
cpe:/o:microsoft:windows_xp::sp1:home
cpe:/o:microsoft:windows_2003_server:standard::64-bit
cpe:/o:microsoft:windows_2003_server:enterprise_64-bit
cpe:/o:microsoft:windows_98seMicrosoft windows 98_se
cpe:/o:microsoft:windows_2000::sp1:professionalMicrosoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_xp:::media_center
cpe:/o:microsoft:windows_2000::sp3:professionalMicrosoft Windows 2000 Professional SP3
cpe:/a:nortel:ip_softphone_2050Nortel IP softphone 2050
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_2000::sp3:advanced_serverMicrosoft Windows 2000 Advanced Server SP3
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_2000::sp2:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP2
cpe:/o:microsoft:windows_xp::sp2:home
cpe:/o:microsoft:windows_xp::sp2:media_centerMicrosoft windows xp_sp2 media_center
cpe:/o:microsoft:windows_2000::sp4:datacenter_serverMicrosoft Windows 2000 Datacenter Server SP4
cpe:/o:microsoft:windows_2003_server:web
cpe:/o:microsoft:windows_xp::sp2:tablet_pcMicrosoft windows xp_sp2 tablet_pc
cpe:/o:microsoft:windows_2000::sp1:advanced_serverMicrosoft Windows 2000 Advanced Server SP1
cpe:/a:nortel:optivity_telephony_managerNortel Optivity Telephony Manager (OTM)
cpe:/o:microsoft:windows_2000::sp4:professionalMicrosoft Windows 2000 Professional SP4
cpe:/o:microsoft:windows_xp::sp1:media_centerMicrosoft windows xp_sp1 media_center
cpe:/o:microsoft:windows_2000::sp4:advanced_serverMicrosoft Windows 2000 Advanced Server SP4

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4758IE AbusiveParent Vulnerability (64-bit Server 2003)
oval:org.mitre.oval:def:3851IE AbusiveParent Vulnerability (Windows 2000)
oval:org.mitre.oval:def:3464IE AbusiveParent Vulnerability (32-bit XP)
oval:org.mitre.oval:def:1701IE AbusiveParent Vulnerability (64-bit XP)
oval:org.mitre.oval:def:1114IE AbusiveParent Vulnerability (32-bit Server 2003)
oval:gov.nist.fdcc.patch:def:5MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
oval:gov.nist.USGCB.patch:def:5MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1319
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1319
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-065
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA05-039A.html
(VENDOR_ADVISORY)  CERT  TA05-039A
http://www.kb.cert.org/vuls/id/356600
(VENDOR_ADVISORY)  CERT-VN  VU#356600
http://xforce.iss.net/xforce/xfdb/18504
(VENDOR_ADVISORY)  XF  ie-dhtml-xss(18504)
http://www.securityfocus.com/bid/11950
(VENDOR_ADVISORY)  BID  11950
http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx
(VENDOR_ADVISORY)  MS  MS05-013
http://secunia.com/advisories/13482/
(VENDOR_ADVISORY)  SECUNIA  13482
http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
(VENDOR_ADVISORY)  BUGTRAQ  20041215 MSIE DHTML Edit Control Cross Site Scripting Vulnerability

- 漏洞信息

Microsoft DHTML编辑组件远程缓冲区溢出漏洞(MS05-013)
中危 设计错误
2004-12-15 00:00:00 2005-10-20 00:00:00
远程  
        
        DHTML编辑组件ActiveX控件为动态WEB站点提供HTML编辑功能。
        Microsoft DHTML编辑组件ActiveX控件存在一个跨域漏洞,远程攻击者可以利用这个漏洞获得目标用户敏感信息或在目标系统上执行任意代码。
        攻击者可以构建一个恶意WEB链接,诱使用户点击,可以以用户进程权限在系统上执行任意代码。目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS05-013)以及相应补丁:
        MS05-013:Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
        链接:
        http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx

        补丁下载:
        Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=AEA07CBA-0E2B-4A22-91ED-1D23BB012C04

        
        Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=9490E7D2-03C2-463A-B3D0-B949F5295208

        
        Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=9E0247B8-240E-416C-9586-ACD5EF8578DE

        
        Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730

        
        Microsoft Windows Server 2003
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=E99F5BDD-8EA8-4837-960E-0D20DEA9AC4D

        
        Microsoft Windows Server 2003 for Itanium-based Systems
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=2CE98263-2AB4-4FE3-8B0B-5B3155119730

- 漏洞信息

12424
Microsoft IE DHTML Edit ActiveX Control execScript() XSS
Remote / Network Access, Context Dependent Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

Windows contains a flaw that allows a remote cross site scripting attack. This flaw exists because dhtmled.ocx does not validate arguments to the execScript() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2004-12-15 Unknow
2004-12-15 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft Windows DHTML Edit Control Script Injection Vulnerability
Design Error 11950
Yes No
2004-12-15 12:00:00 2009-07-12 09:26:00
Discovery is credited to Paul <paul@greyhats.cjb.net>.

- 受影响的程序版本

Nortel Networks Optivity Telephony Manager (OTM)
Nortel Networks Mobile Voice Client 2050
Nortel Networks IP softphone 2050
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows ME
Microsoft Windows 98SE
Microsoft Windows 98
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Internet Explorer 6.0 SP2 - do not use
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional

- 漏洞讨论

Microsoft Windows DHTML Edit control may be used to carry out cross-domain script injection through Internet Explorer. This issue may allow an attacker to execute malicious script code in a user's browser to facilitate cross-site scripting attacks.

An attacker may be able to steal cookie-based authentication credentials through this vulnerability. Other attacks may be possible as well.

Note: This issue was originally documented as an Internet Explorer vulnerability. Microsoft has reported that this vulnerability is an operating system issue and has released appropriate operating system fixes.

- 漏洞利用

A proof of concept is available from the following location:

http://freehost07.websamba.com/greyhats/abusiveparent.htm

- 解决方案

Microsoft has released updates for supported platforms. Windows 98/98SE/ME updates may be obtained through Windows Update.

Nortel Networks has released security advisory 2005005513-2 acknowledging this issue. Please the referenced advisory for further information.


Microsoft Windows XP Media Center Edition SP2

Microsoft Windows XP 64-bit Edition SP1

Microsoft Windows 2000 Advanced Server SP4

Microsoft Windows 2000 Professional SP3

Microsoft Windows XP Tablet PC Edition SP1

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows XP Home SP2

Microsoft Windows XP Tablet PC Edition SP2

Microsoft Windows XP Media Center Edition SP1

Microsoft Windows Server 2003 Web Edition

Microsoft Windows 2000 Advanced Server SP3

Microsoft Windows XP Home SP1

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows XP 64-bit Edition Version 2003

Microsoft Windows XP Professional SP2

Microsoft Windows 2000 Professional SP4

Microsoft Windows XP Professional SP1

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站