首页 -> 安全研究
安全研究
安全漏洞
Microsoft IE基于Cookie脚本执行漏洞(MS02-015)
发布日期:2002-03-29
更新日期:2002-04-02
受影响系统:
Microsoft Internet Explorer 5.0.1SP1描述:
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.0.1SP2
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows ME
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.5SP1
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows ME
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.5SP2
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows ME
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows ME
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
BUGTRAQ ID: 4392
CVE(CAN) ID: CVE-2002-0078
Microsoft Internet Explorer是微软公司开发和维护的流行的WEB浏览器,可使用在多种系统平台下。
Microsoft Internet Explorer由于处理Cookie的方法存在缺陷,可导致嵌入在Cookie中的脚本在本地网络(intranet)安全区域中执行。
Microsoft Internet Explorer在区域判断功能上存在漏洞,允许嵌入到Cookie中的脚本可在本地网络(intranet)安全区域中执行。当HTML脚本存储在Cookie中时,它们需要与Cookie关联的主机运行在一个安全区域,这一般来说是运行在Internet区域中,攻击者可以在Cookie中放置脚本代码然后存储在用户硬盘上,当Cookie被站点打开时脚本代码就会在本地网络(intranet)安全区域中执行,导致安全问题产生。
<*来源:Andreas Sandblad (sandblad@acc.umu.se)
链接:http://www.microsoft.com/technet/security/bulletin/MS02-015.asp
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 暂时没有合适的临时解决方法。
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS02-015)以及相应补丁:
MS02-015:28 March 2002 Cumulative Patch for Internet Explorer
链接:http://www.microsoft.com/technet/security/bulletin/MS02-015.asp
补丁下载:
Microsoft Internet Explorer 5.0.1 SP2:
Microsoft Patch Q319182 IE5.01 SP2
http://download.microsoft.com/download/ie501sp2/secpac26/5.01_sp2/W982KNT4/EN-US/q319182.exe
Microsoft Internet Explorer 5.0.1 SP1:
Microsoft Internet Explorer 5.5 SP2:
Microsoft Patch Q319182 IE5.5 SP2
http://download.microsoft.com/download/ie55sp2/secpac26/5.5_sp2/WIN98Me/EN-US/q319182.exe
Microsoft Internet Explorer 5.5 SP1:
Microsoft Patch Q319182 IE5.5 SP1
http://download.microsoft.com/download/ie55sp1/secpac26/5.5_sp1/WIN98Me/EN-US/q319182.exe
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:
Microsoft Patch Q319182 IE6
http://download.microsoft.com/download/IE60/secpac26/6/W98NT42KMeXP/EN-US/q319182.exe
浏览次数:3425
严重程度:0(网友投票)
绿盟科技给您安全的保障