Microsoft ListBox and ComboBox Control Buffer Overflow Vulnerability (MS03-045)

Published: 2003-10-15
Updated: 2003-10-17

Affected systems:
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP
Microsoft Windows NT 4.0 SP6a
Microsoft Windows 2003
Microsoft Windows 2000 SP4
Microsoft Windows 2000 SP3
Microsoft Windows 2000 SP2
Microsoft Windows 2000 SP1
Microsoft Windows 2000
Unaffected systems:
Microsoft Windows Millennium Edition
Description:
CVE ID: CVE-2003-0659

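The Microsoft ListBox and ComboBox controls both call a function in the user32.dll file.

The Microsoft ListBox and ComboBox controls do not properly validate the parameters of window messages. A local attacker can exploit this vulnerability to elevate privileges.

The affected function does not properly validate the parameters sent by a specially crafted window message, which results in a buffer overflow. Window messages provide a way to handle user events (such as keystrokes or mouse movements) and to communicate with other interactive processes. The vulnerability exists because the function that provides the user with the list of accessibility options does not properly validate the window messages sent to it. A process on the interactive desktop can use a special window message to make the ListBox or ComboBox control execute arbitrary code. Any application that implements the ListBox or ComboBox control has this problem, and an attacker can execute arbitrary instructions on the system with high privileges.

The attacker must be logged on to the system interactively and must send the special window message to an application that implements the ListBox or ComboBox control.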

<*Source: Microsoft Security Team (secure@microsoft.com)
  
  Link: http://www.microsoft.com/technet/security/bulletin/MS03-045.asp
*>

Recommendation:
Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS03-045) and the corresponding patches for this issue:
MS03-045:Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
Link: http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

Patch downloads:

Microsoft Windows NT Workstation 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=5EA88ABE-8D53-4E25-959C-E80EB5FD7A91&displaylang=en

Microsoft Windows NT Server 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=F3E87075-AAE5-49F4-9D37-24A116296188&displaylang=en

Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=0ADC8D90-2355-49A0-976B-57281B4521C1&displaylang=en

Microsoft Windows 2000, Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=01358EAC-F1C5-4CB7-BE3D-64459F4AD3FD&displaylang=en

Microsoft Windows 2000, Service Pack 3, Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=379F234D-CE7E-4897-8D29-0764997F1E42&displaylang=en

Microsoft Windows XP Gold, Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=ABC764AC-5B7B-4B99-BF3E-F57352E4C507&displaylang=en

Microsoft Windows XP 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=3E7B03BF-2231-4069-B76F-0BD69CF6E1D9&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA&displaylang=en

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=02F97DE4-29DF-4D33-A33B-E7630349E69E&displaylang=en

Microsoft Windows Server 2003 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA&displaylang=en

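This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.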