BUGTRAQ ID: 31065 CVE ID:CVE-2008-3008 CNCVE ID:CNCVE-20083008 Microsoft Windows Media Encoder 9是一款视频音频编码工具。 Microsoft Windows Media Encoder 9包含的WMEX.DLL ActiveX存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 构建特殊的WEB页,诱使用户访问,可触发此漏洞。目前没有详细漏洞细节提供。 Microsoft Windows Media Encoder 9 x64 + Microsoft Advanced Windows Media Plug-In for Adobe Premier 6.5 (Beta) Microsoft Windows Media Encoder 9 + Microsoft Advanced Windows Media Plug-In for Adobe Premier 6.5 (Beta) 可参考如下临时解决方案: -反注册WMEX.DLL 在管理员命令行中输入如下命令: regsvr32.exe -u "C:\Program Files\Windows Media Components\Encoder\wmex.dll" 要恢复反注册可在在管理员命令行中输入如下命令: regsvr32.exe "C:\Program Files\Windows Media Components\Encoder\wmex.dll" -xianzhi dui WMEX.DLL的访问: Windows 2000, Windows XP, 和Windows Server 2003中在管理员命令行中输入如下命令: Echo y| cacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /E /P everyone:N 在Windows Vista和Windows Server 2008中在管理员命令行中输入如下命令: Takeown.exe /f "C:\Program Files\Windows Media...
BUGTRAQ ID: 31065 CVE ID:CVE-2008-3008 CNCVE ID:CNCVE-20083008 Microsoft Windows Media Encoder 9是一款视频音频编码工具。 Microsoft Windows Media Encoder 9包含的WMEX.DLL ActiveX存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 构建特殊的WEB页,诱使用户访问,可触发此漏洞。目前没有详细漏洞细节提供。 Microsoft Windows Media Encoder 9 x64 + Microsoft Advanced Windows Media Plug-In for Adobe Premier 6.5 (Beta) Microsoft Windows Media Encoder 9 + Microsoft Advanced Windows Media Plug-In for Adobe Premier 6.5 (Beta) 可参考如下临时解决方案: -反注册WMEX.DLL 在管理员命令行中输入如下命令: regsvr32.exe -u "C:\Program Files\Windows Media Components\Encoder\wmex.dll" 要恢复反注册可在在管理员命令行中输入如下命令: regsvr32.exe "C:\Program Files\Windows Media Components\Encoder\wmex.dll" -xianzhi dui WMEX.DLL的访问: Windows 2000, Windows XP, 和Windows Server 2003中在管理员命令行中输入如下命令: Echo y| cacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /E /P everyone:N 在Windows Vista和Windows Server 2008中在管理员命令行中输入如下命令: Takeown.exe /f "C:\Program Files\Windows Media Components\Encoder\wmex.dll" Icacls.exe "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /save %TEMP%\WMEX_ACL.TXT Icacls.exe "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /deny everyone:(F) 要恢复反注册: Windows 2000, Windows XP, 和Windows Server 2003中在管理员命令行中输入如下命令: cacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /E /R everyone 在Windows Vista和Windows Server 2008中在管理员命令行中输入如下命令: icacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /grant everyone:(F) icacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /restore %TEMP%\WMEX_ACL.TXT 可参考如下补丁: Microsoft Windows Media Encoder 9 Microsoft Security Update for Windows Media Encoder 9 Series for Windows 2000 (KB954156) <a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=0cabfbc0-db5d target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=0cabfbc0-db5d</a> -4a6a-a4cd-e6df89ac2b25 Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2003 (KB954156) Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2 <a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=54ce1080-94cf target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=54ce1080-94cf</a> -4e4f-8e09-a7dbab2757c5 Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2008 (KB954156) Windows Server 2008 <a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b</a> -4517-92fb-72dea0a172ec Microsoft Security Update for Windows Media Encoder 9 Series for Windows Vista (KB954156) Windows Vista; Windows Vista Service Pack 1 <a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a</a> -46f8-8245-e3d932306c93 Microsoft Security Update for Windows Media Encoder 9 Series for Windows XP Windows XP Service Pack 2 and Windows XP Service Pack 3 <a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=57bcb3c2-49d3 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=57bcb3c2-49d3</a> -4f18-8d03-36abd03d7403 Microsoft Windows Media Encoder 9 x64 Microsoft Security Update for 32-bit Windows Media Encoder 9 Series for Windows Server 2003 x64 Edition (KB954 Windows Server 2003 Service Pack 2 x64 Edition; Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Standard x64 Edition <a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=c83011cd-90b8 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=c83011cd-90b8</a> -494c-9cad-fa055e101992 Microsoft Security Update for 32-bit Windows Media Encoder 9 Series for Windows XP x64 Edition (KB954156) Windows Server 2003 Service Pack 2 x64 Edition; Windows XP Professional x64 Edition <a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=18efea9e-b103 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=18efea9e-b103</a> -46de-90d9-5e295854cec3 Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2003 x64 Edition (KB954156) Windows Server 2003 Service Pack 2 x64 Edition; Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Standard x64 Edition <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=d8f1b782-136b target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=d8f1b782-136b</a> -443f-b5f2-63aa4d1fd94a Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2008 for x64 Edition (KB954156 Windows Server 2008 <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=e30f9427-26d0 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=e30f9427-26d0</a> -4e86-b9b8-bc637c3b5734 Microsoft Security Update for Windows Media Encoder 9 Series for Windows Vista for x64-based Systems (KB954156 Windows Vista 64-bit Editions Service Pack 1; Windows Vista Business 64-bit edition; Windows Vista Enterprise 64-bit edition; Windows Vista Home Basic 64-bit edition; Windows Vista Home Premium 64-bit edition; Windows Vista Ultimate 64-bit edition <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=54d1279a-7f26 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=54d1279a-7f26</a> -4727-a39d-5505bcd4fc53 Microsoft Security Update for Windows Media Encoder 9 Series for Windows XP x64 Edition Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 <a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=ebc1737c-6e78 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=ebc1737c-6e78</a> -4244-a1b2-a56d031f16e9
