CVE-2006-3643
CVSS 6.0
Published: 2006-08-08 20:04:00
Last revised: 2011-03-07 21:39:08

[Original] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."


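[CNNVD] Microsoft Management Console Redirect Cross-Site Scripting Vulnerability (MS06-044) (CNNVD-200608-114)

Microsoft Windows is a very popular operating system released by Microsoft.
HTML-embedded resource files in the Microsoft Management Console library can be referenced directly by Internet Explorer from the Internet or Intranet zone, resulting in remote code execution. If a user is tricked into visiting a malicious site, this vulnerability may be triggered, leading to arbitrary code execution.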

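- CVSS (Base Score)

CVSS score: 6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: SINGLE_INSTANCE [--]

- CWE (Weakness Category)

CWE-79 [Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)]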

- CPE (Affected Platforms and Products)

cpe:/a:microsoft:ie:6:windows_server_2003_sp1
cpe:/a:microsoft:ie:5.01 Microsoft Internet Explorer 5.01

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3643
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3643
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-114
(Official data source) CNNVD

- Other Links and Resources

http://www.us-cert.gov/cas/techalerts/TA06-220A.html
(PATCH)  CERT  TA06-220A
http://www.kb.cert.org/vuls/id/927548
(PATCH)  CERT-VN  VU#927548
http://www.microsoft.com/technet/security/Bulletin/MS06-044.mspx
(PATCH)  MS  MS06-044
http://xforce.iss.net/xforce/xfdb/28005
(UNKNOWN)  XF  win-mmc-resource-xss(28005)
http://www.vupen.com/english/advisories/2006/3213
(UNKNOWN)  VUPEN  ADV-2006-3213
http://www.securityfocus.com/bid/19417
(UNKNOWN)  BID  19417
http://securitytracker.com/id?1016655
(UNKNOWN)  SECTRACK  1016655
http://secunia.com/advisories/21401
(UNKNOWN)  SECUNIA  21401

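- Vulnerability Information

Microsoft Management Console Redirect Cross-Site Scripting Vulnerability (MS06-044)
Medium severity  Cross-site scripting
2006-08-08 00:00:00 2006-08-09 00:00:00
Remote
Microsoft Windows is a very popular operating system released by Microsoft.
HTML-embedded resource files in the Microsoft Management Console library can be referenced directly by Internet Explorer from the Internet or Intranet zone, resulting in remote code execution. If a user is tricked into visiting a malicious site, this vulnerability may be triggered, leading to arbitrary code execution.

- Advisories and Patches

The vendor has released an upgrade patch to fix this security issue. Patch download link:
http://www.microsoft.com/downloads/details.aspx?FamilyId=87fe4c18-21dc-4d83-a1d8-503b92fdba2b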

- Vulnerability Information

27842
Microsoft Management Console (MMC) HTML-embedded Resource XSS Arbitrary Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity Workaround, Patch / RCS
Vendor Verified

- Vulnerability Description

- Timeline

2006-08-08 Unknown
Unknown 2006-08-08

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Microsoft Management Console Zone Bypass Vulnerability
Access Validation Error 19417
Yes No
2006-08-08 12:00:00 2007-06-27 03:28:00
Yorick Koster of ITsec Security Services, HD Moore, and Tom Gilder are each respectively credited with reporting this vulnerability to the vendor.

- Affected Software Versions

Nortel Networks Self-Service Speech Server 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 500 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service MPS 100 0
Nortel Networks MCS5100 - Sun Platform 0
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server

- Discussion

Microsoft Management Console (MMC) is prone to a cross-zone scripting vulnerability because the operating system fails to properly restrict access to MMC components, allowing the MMC files to be referenced from the Internet Zone in some cases.

Exploiting this vulnerability could let an attacker execute arbitrary code, completely compromising the computer.

- Exploit

This issue is currently being exploited in the wild.

A proof-of-concept demonstration is available from an external source. Please see the references for more information.

NOTE: Symantec has not verified the integrity of this proof of concept; users are advised to use caution when running code from external sites.

UPDATE (May 15, 2007): This issue is being exploited by the MPack hacker tool. Please see the references for more information.

- Solution

Microsoft has released a security bulletin to address this issue. Please see the references for details.

- Related References
