CVE-2005-1191
CVSS 5.0
Published: 2005-05-02 00:00:00
Last revised: 2011-03-07 21:21:13

[Original] The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.


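[CNNVD] Microsoft Windows Explorer preview pane script injection vulnerability (CNNVD-200505-579)

        Microsoft Windows Explorer contains a script injection vulnerability. An attacker can exploit it to execute arbitrary code with the privileges of the currently logged-in user.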

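- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]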

- CPE (affected platforms and products)

cpe:/o:microsoft:windows_2000::sp1:professional  Microsoft Windows 2000 Professional SP1
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:microsoft:windows_me  Microsoft Windows ME
cpe:/o:microsoft:windows_98::gold  Microsoft windows 98_gold
cpe:/o:microsoft:windows_2000::sp1:datacenter_server  Microsoft Windows 2000 Datacenter Server SP1
cpe:/o:microsoft:windows_2000::sp3:professional  Microsoft Windows 2000 Professional SP3
cpe:/o:microsoft:windows_2000::sp1:server  Microsoft Windows 2000 Server SP1
cpe:/o:microsoft:windows_2000::sp3:datacenter_server  Microsoft Windows 2000 Datacenter Server SP3
cpe:/o:microsoft:windows_2000::sp3:advanced_server  Microsoft Windows 2000 Advanced Server SP3
cpe:/o:microsoft:windows_2000::sp2:datacenter_server  Microsoft Windows 2000 Datacenter Server SP2
cpe:/o:microsoft:windows_2000::sp4:datacenter_server  Microsoft Windows 2000 Datacenter Server SP4
cpe:/o:microsoft:windows_2000:::server
cpe:/o:microsoft:windows_2000::sp2:advanced_server  Microsoft Windows 2000 Advanced Server SP2
cpe:/o:microsoft:windows_2000::sp1:advanced_server  Microsoft Windows 2000 Advanced Server SP1
cpe:/o:microsoft:windows_2000::sp3:server  Microsoft Windows 2000 Server SP3
cpe:/o:microsoft:windows_2000::sp2:professional  Microsoft Windows 2000 Professional SP2
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:microsoft:windows_2000::sp2:server  Microsoft Windows 2000 Server SP2
cpe:/o:microsoft:windows_2000:::professional
cpe:/o:microsoft:windows_2000::sp4:server  Microsoft Windows 2000 Server SP4
cpe:/o:microsoft:windows_2000::sp4:professional  Microsoft Windows 2000 Professional SP4
cpe:/o:microsoft:windows_98se  Microsoft windows 98_se
cpe:/o:microsoft:windows_2000::sp4:advanced_server  Microsoft Windows 2000 Advanced Server SP4

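- OVAL (technical details for detection)

oval:org.mitre.oval:def:3585  Web View Remote Code Execution Vulnerability
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.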

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1191
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1191
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-579
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/13248
(VENDOR_ADVISORY)  BID  13248
http://security.greymagic.com/security/advisories/gm015-ie
(PATCH)  MISC  http://security.greymagic.com/security/advisories/gm015-ie
http://xforce.iss.net/xforce/xfdb/20380
(UNKNOWN)  XF  windows-web-view-command-execution(20380)
http://www.vupen.com/english/advisories/2005/0509
(UNKNOWN)  VUPEN  ADV-2005-0509
http://www.securityfocus.com/archive/1/396224
(UNKNOWN)  BUGTRAQ  20050419 File Selection May Lead to Command Execution (GM#015-IE)
http://www.microsoft.com/technet/security/bulletin/ms05-024.mspx
(UNKNOWN)  MS  MS05-024

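- Vulnerability information

Microsoft Windows Explorer preview pane script injection vulnerability
Medium severity  Input validation
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        Microsoft Windows Explorer contains a script injection vulnerability. An attacker can exploit it to execute arbitrary code with the privileges of the currently logged-in user.

- Advisory and patch

        The vendor has released an upgrade patch that fixes this security issue. Patch download link: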
        http://www.microsoft.com/downloads/details.aspx?FamilyId=67581D32-743F-44FF-9B53-30277C196923

- Vulnerability information

15707
Microsoft Windows Explorer Web View Arbitrary Script Insertion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Microsoft Windows Explorer contains a flaw that may allow a malicious user to insert arbitrary scripts. The issue is due to an input validation error in the Web View library (webvw.dll). By tricking a user into selecting a malicious Word document with a specially crafted author name in Windows Explorer, an attacker can execute arbitrary HTML and scripts with the logon user's privileges.

- Timeline

2005-04-19 2005-01-18
2005-04-19 Unknown

- Solution

Microsoft has released a patch to address this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the Web View by going to: Tools -> Folder Options -> Select 'Use Windows classic folders'

- Related references

- Vulnerability author

- Vulnerability information

Microsoft Windows Explorer Preview Pane Script Injection Vulnerability
Input Validation Error 13248
Yes No
2005-04-19 12:00:00 2009-07-12 02:06:00
Discovered by Grey Magic Software.

- Affected program versions

Microsoft Windows ME
Microsoft Windows 98SE
Microsoft Windows 98
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

- Vulnerability discussion

Microsoft Windows Explorer is prone to a script injection vulnerability. This occurs when the Windows Explorer preview pane (Web View) is enabled on Windows 2000 computers. Windows 98/98SE/ME are also affected by this issue. If a file with malicious attributes is selected using Explorer, script code contained in the attribute fields may be executed with the privilege level of the user that invoked Explorer. This could be exploited to gain unauthorized access to the vulnerable computer in the context of the currently logged in user.

- Exploit

The following exploits are available:

- Solution

Microsoft has released a security bulletin to address this issue for supported platforms.


Microsoft Windows 2000 Advanced Server SP3

Microsoft Windows 2000 Advanced Server SP4

Microsoft Windows 2000 Server SP3

Microsoft Windows 2000 Server SP4

Microsoft Windows 2000 Professional SP3

Microsoft Windows 2000 Professional SP4

- Related references

 

 
