CVE-2006-0020
CVSS 9.3
Published: 2006-01-10 16:03:00
Revised: 2011-03-07 21:29:10

[Original] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."


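[CNNVD] Microsoft IE WMF Image Parsing Memory Corruption Vulnerability (CNNVD-200601-101)

        Microsoft Internet Explorer is a very popular web browser.
        Microsoft Internet Explorer has a vulnerability in its handling of malformed WMF files; an attacker may exploit it to cause a denial of service on the user's machine or to execute arbitrary instructions. The Microsoft WMF parsing application used in Internet Explorer 5.01 SP4 has a memory corruption vulnerability. An attacker can create a specially crafted WMF file with a malformed WMF header size; if a user is lured into viewing the file, an integer overflow is triggered, leading to denial of service or execution of arbitrary instructions.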

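- CVSS (Base Score)

CVSS score: 9.3 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]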

- CWE (Weakness Category)

CWE-189 [Numeric Errors]

- CPE (Affected Platforms and Products)

cpe:/o:microsoft:windows_xp::sp2:tablet_pc  Microsoft windows xp_sp2 tablet_pc
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_me  Microsoft Windows ME
cpe:/o:microsoft:windows_98::gold  Microsoft windows 98_gold
cpe:/o:microsoft:windows_2000::sp4::fr
cpe:/o:microsoft:windows_2003_server:sp1
cpe:/o:microsoft:windows_98se  Microsoft windows 98_se
cpe:/o:microsoft:windows_xp::sp1:tablet_pc  Microsoft windows xp_sp1 tablet_pc

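- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:1638  Remote Code Execution Vulnerability in IE5.01
*OVAL describes in detail how to detect this vulnerability; you can find more technical details on detecting it in the related OVAL definition.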

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0020
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0020
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-101
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/312956
(VENDOR_ADVISORY)  CERT-VN  VU#312956
http://www.us-cert.gov/cas/techalerts/TA06-045A.html
(VENDOR_ADVISORY)  CERT  TA06-045A
http://www.securityfocus.com/bid/16516
(PATCH)  BID  16516
http://www.microsoft.com/technet/security/bulletin/ms06-004.mspx
(PATCH)  MS  MS06-004
http://secunia.com/advisories/18729
(VENDOR_ADVISORY)  SECUNIA  18729
http://www.vupen.com/english/advisories/2006/0469
(UNKNOWN)  VUPEN  ADV-2006-0469
http://www.osvdb.org/22976
(UNKNOWN)  OSVDB  22976
http://www.microsoft.com/technet/security/advisory/913333.mspx
(VENDOR_ADVISORY)  CONFIRM  http://www.microsoft.com/technet/security/advisory/913333.mspx
http://secunia.com/advisories/18912
(VENDOR_ADVISORY)  SECUNIA  18912
http://linuxbox.org/pipermail/funsec/2006-January/002828.html
(VENDOR_ADVISORY)  MLIST  [funsec] 20060110 Another WMF flaw without a Microsoft patch

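- Vulnerability Information

Microsoft IE WMF Image Parsing Memory Corruption Vulnerability
High risk  Buffer overflow
2006-01-10 00:00:00 2006-05-05 00:00:00
Remote
        Microsoft Internet Explorer is a very popular web browser.
        Microsoft Internet Explorer has a vulnerability in its handling of malformed WMF files; an attacker may exploit it to cause a denial of service on the user's machine or to execute arbitrary instructions. The Microsoft WMF parsing application used in Internet Explorer 5.01 SP4 has a memory corruption vulnerability. An attacker can create a specially crafted WMF file with a malformed WMF header size; if a user is lured into viewing the file, an integer overflow is triggered, leading to denial of service or execution of arbitrary instructions.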

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link:
        http://www.microsoft.com/downloads/details.aspx?FamilyId=C0DF2FC3-2075-46B5-945F-6E0BD6806151

- Vulnerability Information

22976
Microsoft IE Crafted WMF Header Size Arbitrary Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

A remote overflow exists in Microsoft Internet Explorer. Internet Explorer fails to check integer bounds, resulting in an integer overflow. With a specially crafted request, an attacker can cause corrupted heap memory, resulting in a loss of integrity.

- Timeline

2006-01-11 Unknown
Unknown Unknown

- Solution

Upgrade to version 5.5 or higher, as it has been reported to fix this vulnerability. In addition, Microsoft has released a patch for some older versions.

- Related References

- Vulnerability Author

- Vulnerability Information

Microsoft Internet Explorer WMF Image Parsing Memory Corruption Vulnerability
Boundary Condition Error 16516
Yes No
2006-01-09 12:00:00 2006-04-07 03:38:00
Discovered by H D Moore.

- Affected Program Versions

Nortel Networks Self-Service Peri NT Server 0
Nortel Networks Self-Service Peri IVR 0
Nortel Networks Self-Service Media Processing Server 0
Nortel Networks Optivity Telephony Manager TM-CS1000 0
Nortel Networks MCS 5200 3.0
Nortel Networks MCS 5100 3.0
Nortel Networks IP softphone 2050
Nortel Networks IP Address Domain Manager
Nortel Networks Contact Center
Microsoft Internet Explorer 5.0.1 SP4
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP4
Avaya Unified Communications Center S3400
Avaya S8100 Media Servers R9
Avaya S8100 Media Servers R8
Avaya S8100 Media Servers R7
Avaya S8100 Media Servers R6
Avaya S8100 Media Servers R12
Avaya S8100 Media Servers R11
Avaya S8100 Media Servers R10
Avaya S8100 Media Servers 0
+ Microsoft Windows 2000 Server
+ Microsoft Windows NT Server 4.0 SP6a
Avaya Modular Messaging (MAS)
Avaya IP600 Media Servers R9
Avaya IP600 Media Servers R8
Avaya IP600 Media Servers R7
Avaya IP600 Media Servers R6
Avaya IP600 Media Servers R12
Avaya IP600 Media Servers R11
Avaya IP600 Media Servers R10
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers R9
Avaya DefinityOne Media Servers R8
Avaya DefinityOne Media Servers R7
Avaya DefinityOne Media Servers R6
Avaya DefinityOne Media Servers R12
Avaya DefinityOne Media Servers R11
Avaya DefinityOne Media Servers R10
Avaya DefinityOne Media Servers
Microsoft Internet Explorer 6.0 SP1

- Unaffected Program Versions

Microsoft Internet Explorer 6.0 SP1

- Vulnerability Discussion

Microsoft Internet Explorer is affected by a WMF image-parsing memory-corruption vulnerability. This issue is allegedly due to an integer-overflow flaw that leads to corrupted heap memory.

This problem presents itself when a user views a malicious WMF-formatted file containing specially crafted data.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploitation attempts likely result in crashing the application.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Microsoft has released advisory MS06-004 to address this issue. Please see the referenced advisory for further information.

Avaya has released an advisory to identify vulnerable products, and recommends that users apply patches released by Microsoft.


Microsoft Internet Explorer 5.0.1 SP4

- Related References

 

 
