CVE-2006-0585
CVSS 5.0
Published: 2006-02-07 20:02:00
Last revised: 2013-01-03 00:00:00

[Original] jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference.


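[CNNVD] Microsoft Internet Explorer Flash ActionScript JScript Denial of Service Vulnerability (CNNVD-200602-081)

jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object containing ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, triggering a null dereference.

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)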

cpe:/a:microsoft:ie:3.2 Microsoft Internet Explorer 3.2
cpe:/a:microsoft:ie:5.00.3103.1000 Microsoft Internet Explorer 5.01 SP1 (Windows 2000 SP1)
cpe:/a:microsoft:ie:5.00.2014.0216 Microsoft Internet Explorer 5
cpe:/a:microsoft:ie:5.01:sp2 Microsoft Internet Explorer 5.01 SP2
cpe:/a:microsoft:ie:5.01:sp3 Microsoft Internet Explorer 5.01 SP3
cpe:/a:microsoft:ie:5.0.1:sp4 Microsoft Internet Explorer 5.0.1 Service Pack 4
cpe:/a:microsoft:ie:5.00.3502.1000 Microsoft Internet Explorer 5.01 SP3 (Windows 2000 SP3 only)
cpe:/a:microsoft:ie:5.00.3700.1000 Microsoft Internet Explorer 5.01 SP4 (Windows 2000 SP4 only)
cpe:/a:microsoft:ie:5.00.2516.1900 Microsoft Internet Explorer 5.01 (Windows 2000 Beta 3, build 5.00.2031)
cpe:/a:microsoft:ie:5.01:sp4 Microsoft Internet Explorer 5.01 Service Pack 4
cpe:/a:microsoft:ie:5.00.3314.2101 Microsoft Internet Explorer 5.01 SP2 (Windows 95/98 and Windows NT 4.0)
cpe:/a:microsoft:ie:5.50.4807.2300 Microsoft Internet Explorer 5.5 Service Pack 2
cpe:/a:microsoft:ie:5.0.1:sp1 Microsoft Internet Explorer 5.0.1 SP1
cpe:/a:microsoft:ie:5.50.4030.2400 Microsoft Internet Explorer 5.5 and Internet Tools Beta
cpe:/a:microsoft:ie:5.5 Microsoft ie 5.5
cpe:/a:microsoft:ie:3.1 Microsoft Internet Explorer 3.1
cpe:/a:microsoft:ie:4.70.1158 Microsoft Internet Explorer 3.0 (Windows 95 OSR2)
cpe:/a:microsoft:ie:5.0.1 Microsoft Internet Explorer 5.0.1
cpe:/a:microsoft:ie:5.00.3315.1000 Microsoft Internet Explorer 5.01 SP2 (Windows 2000 SP2)
cpe:/a:microsoft:ie:5.00.3105.0106 Microsoft Internet Explorer 5.01 SP1 (Windows 95/98 and Windows NT 4.0)
cpe:/a:microsoft:ie:4.72.3110.8 Microsoft Internet Explorer 4.01 Service Pack 1 (Windows 98)
cpe:/a:microsoft:ie:5.2.3 Microsoft Internet Explorer 5.2.3
cpe:/a:microsoft:ie:5.00.2920.0000 Microsoft Internet Explorer 5.01 (Windows 2000, build 5.00.2195)
cpe:/a:microsoft:ie:5.1 Microsoft Internet Explorer 5.1
cpe:/a:microsoft:ie:4.1 Microsoft Internet Explorer 4.1
cpe:/a:microsoft:ie:6:sp1 Microsoft Internet Explorer 6 Service Pack 1
cpe:/a:microsoft:ie:4.70.1155 Microsoft Internet Explorer 3.0
cpe:/a:microsoft:ie:5.50.4522.1800 Microsoft Internet Explorer 5.5 Service Pack 1
cpe:/a:microsoft:ie:4.0.1:sp2 Microsoft Internet Explorer 4.0.1 SP2
cpe:/a:microsoft:ie:4.72.3612.1713 Microsoft Internet Explorer 4.01 Service Pack 2
cpe:/a:microsoft:ie:4.70.1300 Microsoft Internet Explorer 3.02 and 3.02a
cpe:/a:microsoft:ie:5.0.1:sp3 Microsoft Internet Explorer 5.0.1 SP3
cpe:/a:microsoft:ie:3.0 Microsoft Internet Explorer 3.0
cpe:/a:microsoft:ie:5.00.2919.3800 Microsoft Internet Explorer 5.01 (Windows 2000 RC2, build 5.00.2128)
cpe:/a:microsoft:ie:4.0 Microsoft Internet Explorer 4.0
cpe:/a:microsoft:ie:5.01 Microsoft Internet Explorer 5.01
cpe:/a:microsoft:ie:4.72.2106.8 Microsoft Internet Explorer 4.01
cpe:/a:microsoft:ie:5.5:sp2 Microsoft Internet Explorer 5.5 SP2
cpe:/a:microsoft:ie:5.01:sp1 Microsoft Internet Explorer 5.01 SP1
cpe:/a:microsoft:ie:5.00.0518.10 Microsoft Internet Explorer 5 Developer Preview (Beta 1)
cpe:/a:microsoft:ie:5.00.2919.800 Microsoft Internet Explorer 5.01 (Windows 2000 RC1, build 5.00.2072)
cpe:/a:microsoft:ie:4.0.1:sp1 Microsoft Internet Explorer 4.0.1 SP1
cpe:/a:microsoft:ie:4.71.544 Microsoft Internet Explorer 4.0 Platform Preview 1.0 (PP1)
cpe:/a:microsoft:ie:5.50.4134.0100 Microsoft Internet Explorer 5.5 for Windows Me (4.90.3000)
cpe:/a:microsoft:ie:5.00.2919.6307 Microsoft Internet Explorer 5.01 (Office 2000 SR-1)
cpe:/a:microsoft:ie:5.50.4308.2900 Microsoft Internet Explorer 5.5 Advanced Security Privacy Beta
cpe:/a:microsoft:ie:4.40.308 Microsoft Internet Explorer 1.0
cpe:/a:microsoft:ie:4.70.1215 Microsoft Internet Explorer 3.01
cpe:/a:microsoft:ie:4.5 Microsoft Internet Explorer 4.5
cpe:/a:microsoft:ie:4.01:sp1 Microsoft Internet Explorer 4.01 SP1
cpe:/a:microsoft:ie:4.01 Microsoft Internet Explorer 4.01
cpe:/a:microsoft:ie:3.0.1 Microsoft Internet Explorer 3.0.1
cpe:/a:microsoft:ie:5.5:sp1 Microsoft Internet Explorer 5.5 SP1
cpe:/a:microsoft:ie:5.00.2314.1003 Microsoft Internet Explorer 5 (Office 2000)
cpe:/a:microsoft:ie:3.0.2 Microsoft Internet Explorer 3.0.2
cpe:/a:microsoft:ie:4.71.1008.3 Microsoft Internet Explorer 4.0 Platform Preview 2.0 (PP2)
cpe:/a:microsoft:ie:5.00.2614.3500 Microsoft Internet Explorer 5 (Windows 98 Second Edition)
cpe:/a:microsoft:ie:4.40.520 Microsoft Internet Explorer 2.0
cpe:/a:microsoft:ie:5.00.0910.1309 Microsoft Internet Explorer 5 Beta (Beta 2)
cpe:/a:microsoft:ie:4.71.1712.6 Microsoft Internet Explorer 4.0
cpe:/a:microsoft:ie:5.50.3825.1300 Microsoft Internet Explorer 5.5 Developer Preview (Beta)
cpe:/a:microsoft:ie:5.0 Microsoft Internet Explorer 5.0
cpe:/a:microsoft:ie:5.0.1:sp2 Microsoft Internet Explorer 5.0.1 SP2
cpe:/a:microsoft:ie:5.50.4134.0600 Microsoft Internet Explorer 5.5
cpe:/a:microsoft:ie:5.5:preview Microsoft Internet Explorer 5.5 preview
cpe:/a:microsoft:ie:4.0.1 Microsoft Internet Explorer 4.0.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0585
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0585
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200602-081
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/16441
(UNKNOWN)  BID  16441
http://www.securityfocus.com/archive/1/archive/1/425422/30/6890/threaded
(UNKNOWN)  BUGTRAQ  20060217 Re: Internet Explorer remotely exploitable vulnerability in JScript's document.write() method
http://www.securityfocus.com/archive/1/archive/1/423675/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060131 Internet Explorer remotely exploitable vulnerability in JScript's document.write() method
http://securitytracker.com/id?1015559
(UNKNOWN)  SECTRACK  1015559

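- Vulnerability Information

Microsoft Internet Explorer Flash ActionScript JScript Denial of Service Vulnerability
Medium risk  Other
2006-02-07 00:00:00 2006-02-08 00:00:00
Remote
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object containing ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, triggering a null dereference.

- Advisories and Patches

The vendor has not yet provided a patch or upgrade; users of this software are advised to monitor the vendor's home page for the latest version.

- Vulnerability Information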

22977
Microsoft IE jscript.dll document.write() NULL Pointer DoS
Denial of Service
Loss of Availability

- Vulnerability Description

Unknown or Incomplete

- Timeline

2006-01-31 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete