CVE-2005-0243
CVSS 5.0
Published: 2005-02-17 00:00:00
Revised: 2008-09-05 16:45:44

[Original] Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.


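[CNNVD] Yahoo! Messenger download dialog box file name spoofing vulnerability (CNNVD-200502-064)

        Yahoo! Messenger is an instant messaging tool from Yahoo!, a leading global Internet company.
        Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not correctly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.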

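- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [may result in system files being modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]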

- CPE (affected platforms and products)

cpe:/a:yahoo:messenger:5.6  Yahoo Messenger 5.6
cpe:/a:yahoo:messenger:6.0  Yahoo Messenger 6.0
cpe:/a:yahoo:messenger:5.6.0.1351  Yahoo Messenger 5.6.0.1351
cpe:/a:yahoo:messenger:5.5  Yahoo Messenger 5.5
cpe:/a:yahoo:messenger:6.0.0.1750  Yahoo Messenger 6.0.0.1750

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0243
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0243
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-064
(official data source) CNNVD

- Other links and resources

http://secunia.com/secunia_research/2005-2/advisory/
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-2/advisory/
http://secunia.com/advisories/13712
(VENDOR_ADVISORY)  SECUNIA  13712

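- Vulnerability information

Yahoo! Messenger download dialog box file name spoofing vulnerability
Medium severity  Design error
2005-02-17 00:00:00 2005-10-20 00:00:00
Remote
        Yahoo! Messenger is an instant messaging tool from Yahoo!, a leading global Internet company.
        Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not correctly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link:
        Yahoo! Messenger 6.0.0.1750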
        Yahoo! Messenger 6.0 Build 1921
        http://messenger.yahoo.com/

- Vulnerability information (F36233)

secres18022005-1.txt (PacketStormID:F36233)
2005-02-25 00:00:00
Andreas Sandblad  secunia.com
advisory
CVE-2005-0243

Secunia Research Advisory - Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious people to trick users into executing malicious files.

======================================================================

                     Secunia Research 18/02/2005

        - Yahoo! Messenger File Transfer Filename Spoofing -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

Yahoo! Messenger 6.0.0.1750

Other versions may also be affected.

======================================================================
2) Severity

Rating: Less critical
Impact: Spoofing
Where:  From remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Yahoo! Messenger, 
which can be exploited by malicious people to trick users into 
executing malicious files.

The problem is that files with long filenames are not displayed 
correctly in the file transfer dialogs. This can be exploited to 
trick users into accepting and potentially executing malicious files.

Details:
Yahoo! Messenger wraps overly long filenames and shows only the first 
line of the filename in the file transfer dialogs. The file extension 
can thus be spoofed for a filename containing a whitespace and two 
file extensions.

Successful exploitation requires that the option 
"Hide extension for known file types" is enabled in Windows 
(default setting).

The vulnerability has been confirmed in version 6.0.0.1750. Other 
versions may also be affected.

======================================================================
4) Solution

Update to version 6.0.0.1921.
http://messenger.yahoo.com/

======================================================================
5) Time Table

04/01/2005 - Vulnerability discovered.
10/01/2005 - Vendor notified.
19/01/2005 - Vendor confirms the vulnerability.
17/02/2005 - Vendor issued fixed version.
18/02/2005 - Public disclosure.

======================================================================
6) Credits

Discovered by Andreas Sandblad, Secunia Research.

====================================================================== 
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CAN-2005-0243 for the vulnerability.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2005-2/advisory/

======================================================================
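Added example, not part of the Secunia advisory or of any vendor code: a receiving-side check that flags file names relying on whitespace padding and a decoy extension, plus a display routine that keeps the real extension visible when a name is shortened. The extension list, thresholds, function names and sample name are assumptions constructed for illustration.

```python
import re

# Assumed set of extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
MAX_WS_RUN = 3      # assumed: this many consecutive whitespace chars is suspicious
DISPLAY_WIDTH = 40  # assumed: characters that fit on the dialog's first line

def real_extension(name):
    """Extension the OS acts on: text after the last dot, lower-cased."""
    # Win32 path normalisation drops trailing spaces and dots from a name.
    stem, dot, ext = name.rstrip(" .").rpartition(".")
    return (dot + ext).lower() if stem and dot else ""

def inspect_filename(name, width=DISPLAY_WIDTH):
    """Return the reasons a name is unsafe to show wrapped or truncated."""
    findings = []
    ext = real_extension(name)
    if re.search(r"\s{%d,}|[\r\n\t]" % MAX_WS_RUN, name):
        findings.append("whitespace-padding")
    # An extension-like token followed by whitespace, differing from the real one.
    decoys = re.findall(r"\.[A-Za-z0-9]{1,5}(?=\s)", name)
    if ext and any(d.lower() != ext for d in decoys):
        findings.append("decoy-extension")
    if ext and len(name) > width:
        findings.append("extension-outside-first-line")
    if findings and ext in EXECUTABLE_EXTS:
        findings.append("hidden-executable")
    return findings

def safe_display(name, width=DISPLAY_WIDTH):
    """Collapse whitespace; if still too long, cut the middle, never the extension."""
    flat = re.sub(r"\s+", " ", name).strip()
    if len(flat) <= width:
        return flat
    ext = real_extension(flat)
    keep = max(1, width - len(ext) - 3)
    return flat[:keep] + "..." + ext

# Constructed sample matching the pattern the advisory describes.
SAMPLE = "holiday.jpg" + " " * 60 + ".exe"

if __name__ == "__main__":
    print(inspect_filename(SAMPLE))
    print(repr(safe_display(SAMPLE)))
```

A file-transfer prompt can refuse or warn on any non-empty result from `inspect_filename` and always render the name through `safe_display`, independent of the Windows "Hide extension for known file types" setting.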


    

- Vulnerability information

13930
Yahoo! Messenger File Transfer Filename Linewrap Spoofing

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-02-18 2005-01-04
Unknown Unknown

- Solution

Upgrade to version 6.0.0.1921 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Yahoo! Messenger Download Dialogue Box File Name Spoofing Vulnerability
Design Error 12587
Yes No
2005-02-18 12:00:00 2009-07-12 10:06:00
Andreas Sandblad is credited with the discovery of this issue.

- Affected program versions

Yahoo! Messenger 6.0.0.1750
Yahoo! Messenger 6.0.0.1921

- Unaffected program versions

Yahoo! Messenger 6.0.0.1921

- Vulnerability discussion

A remote download dialogue box spoofing vulnerability affects Yahoo! Messenger. This issue is due to a design error that facilitates the spoofing of file names.

An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.

It should be noted that although only Yahoo! Messenger version 6.0.0.1750 is reportedly affected, earlier versions may be affected as well.

- Exploit

No exploit is required to leverage this issue.

- Solution

The vendor has released an upgrade dealing with this issue.


Yahoo! Messenger 6.0.0.1750

- Related references

 

 
