CVE-2006-1188
CVSS7.5
发布时间 :2006-04-11 19:02:00
修订时间 :2011-03-07 21:32:20
NMCOS    

[原文]Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.


[CNNVD]Microsoft Internet Explorer HTML标签内存破坏漏洞(MS06-013)(CNNVD-200604-164)

        Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。
        Internet Explorer在处理有特制标签的HTML元素时可能会破坏系统内存,成功利用这个漏洞的攻击者可以完全控制受影响的系统。
        攻击者可以创建恶意的Web页面,如果用户访问了该页面的话就会导致内存破坏。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:ie:5.2.3::macintosh
cpe:/a:microsoft:ie:6.0.2900.2180Microsoft Internet Explorer 6.0.2900.2180
cpe:/a:microsoft:ie:6.0.2600Microsoft Internet Explorer 6.0.2600
cpe:/a:microsoft:ie:6.0.2800Microsoft Internet Explorer 6.0.2800
cpe:/a:microsoft:ie:6:windows_2000_sp4
cpe:/a:microsoft:ie:6.0:sp2
cpe:/a:microsoft:ie:5.1Microsoft Internet Explorer 5.1
cpe:/a:microsoft:ie:6:sp1Microsoft Internet Explorer 6 Service Pack 1
cpe:/a:microsoft:ie:5.5:sp1Microsoft Internet Explorer 5.5 SP1
cpe:/a:microsoft:ie:6.0Microsoft Internet Explorer 6.0
cpe:/a:microsoft:ie:6.0::windows_server_2003
cpe:/a:microsoft:ie:5.5Microsoft ie 5.5
cpe:/h:canon:network_camera_server_vb101Canon Network Camera Server VB101
cpe:/a:microsoft:ie:6:windows_server_2003_sp1
cpe:/a:microsoft:ie:5.1::mac_os
cpe:/a:microsoft:ie:6.0.2800.1106Microsoft Internet Explorer 6.0.2800.1106
cpe:/a:microsoft:ie:6.0:sp1
cpe:/a:microsoft:ie:6::windows_xp_professional_64bit
cpe:/a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems
cpe:/a:microsoft:ie:6:sp1:windows_xpsp1
cpe:/a:microsoft:ie:6:windows_xp_sp2
cpe:/a:microsoft:ie:5.5:previewMicrosoft Internet Explorer 5.5 preview
cpe:/a:microsoft:ie:5.5:sp2Microsoft Internet Explorer 5.5 SP2

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:1773IE6 HTML Tag Memory Corruption (WinXP)
oval:org.mitre.oval:def:1296IE6 HTML Tag Memory Corruption (Server 2003)
oval:org.mitre.oval:def:1290IE6 HTML Tag Memory Corruption (Win2K/WinXP)
oval:org.mitre.oval:def:1144IE6 HTML Tag Memory Corruption (Server 2003,SP1)
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1188
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1188
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-164
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/824324
(PATCH)  CERT-VN  VU#824324
http://www.us-cert.gov/cas/techalerts/TA06-101A.html
(UNKNOWN)  CERT  TA06-101A
http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx
(PATCH)  MS  MS06-013
http://www.vupen.com/english/advisories/2006/1318
(UNKNOWN)  VUPEN  ADV-2006-1318
http://www.securityfocus.com/archive/1/archive/1/435096/30/4710/threaded
(UNKNOWN)  BUGTRAQ  20060525 [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2
http://securitytracker.com/id?1015900
(UNKNOWN)  SECTRACK  1015900
http://secunia.com/advisories/18957
(UNKNOWN)  SECUNIA  18957

- 漏洞信息

Microsoft Internet Explorer HTML标签内存破坏漏洞(MS06-013)
高危 设计错误
2006-04-11 00:00:00 2006-04-12 00:00:00
远程  
        Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。
        Internet Explorer在处理有特制标签的HTML元素时可能会破坏系统内存,成功利用这个漏洞的攻击者可以完全控制受影响的系统。
        攻击者可以创建恶意的Web页面,如果用户访问了该页面的话就会导致内存破坏。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx?pf=true

- 漏洞信息

24545
Microsoft IE HTML Element Crafted Tag Arbitrary Code Execution
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2006-04-11 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
Design Error 17468
Yes No
2006-04-11 12:00:00 2006-05-26 07:48:00
Thomas Waldegger is credited with the discovery of this vulnerability.

- 受影响的程序版本

Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional

- 漏洞讨论

Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This is related to the handling of certain HTML tags.

Attackers could exploit this issue via a malicious web page to execute arbitrary code in the context of the currently logged-in user. They could also use HTML email for the attack.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

The following proof-of-concept exploits are available to crash Internet Explorer:

- 解决方案

Microsoft has released a cumulative security update to address this issue. Updates for Internet Explorer on Windows 98/98SE/ME may be obtained through Windows Update.

Reportedly, the fixes provided in MS06-013 may cause unintended breakage with certain ActiveX controls. Symantec has not confirmed this. Before deploying this patch in production environments, test the patch thoroughly to ensure that it doesn't interfere with other software.


Microsoft Internet Explorer 6.0 SP1

Microsoft Internet Explorer 6.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站