Windows Help and Support Center Remote Buffer Overflow Vulnerability (MS03-044)

Published: 2003-10-15
Updated: 2003-10-17

Affected systems:
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP
Microsoft Windows NT 4.0 SP6a
Microsoft Windows Millennium Edition
Microsoft Windows 2003
Microsoft Windows 2000 SP4
Microsoft Windows 2000 SP3
Microsoft Windows 2000 SP2
Microsoft Windows 2000 SP1
Microsoft Windows 2000
Description:
CVE(CAN) ID: CVE-2003-0711

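The Help and Support Center provides users with centralized services and assistance, such as product documentation, help with determining hardware compatibility, access to Windows Update, and Microsoft online help. Users and programs can access the Help and Support Center by invoking URI links that use the "hcp://" prefix.

The Help and Support Center lacks proper buffer boundary checks when handling the HCP protocol. A remote attacker can exploit this vulnerability by constructing a malicious URL and enticing a user to visit it, which may result in execution of arbitrary instructions on the system with the privileges of the user's process.

The problem is caused by an insufficiently checked buffer in a file associated with the HCP protocol. An attacker can exploit this vulnerability by constructing a malicious URL; when a user clicks it, arbitrary code can be executed on the system with the privileges of the user's process. The URL can be hosted on a web page, or it can be sent by e-mail to trigger the issue.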

<*Source: Microsoft Security Team (secure@microsoft.com)

  Link: http://www.microsoft.com/technet/security/bulletin/MS03-044.asp
*>

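Recommendations:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* Unregister the HCP protocol:

Deleting the following registry key unregisters the HCP protocol: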

HKEY_CLASSES_ROOT\HCP
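
One way to apply this workaround so that it can be reversed once the patch is installed. This is an added example, not part of the original advisory or of Microsoft's bulletin. It assumes cmd.exe with reg.exe available and an administrative account; the backup path is a hypothetical choice, and hcp:// links stop opening until the key is restored.

```batch
@echo off
rem Added example: back up, then remove, the HCP protocol handler registration.
rem HKCR is reg.exe's abbreviation for HKEY_CLASSES_ROOT.
rem BACKUP is a hypothetical path chosen for this example.
setlocal
set "KEY=HKCR\HCP"
set "BACKUP=%SystemDrive%\hcp-handler-backup.reg"

rem Nothing to do if the handler is already unregistered.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% is not present. The HCP protocol is already unregistered.
    exit /b 0
)

rem Never overwrite an earlier backup: it may be the only good copy.
if exist "%BACKUP%" (
    echo Backup file %BACKUP% already exists. Move it aside and rerun.
    exit /b 1
)

rem Export the whole subtree first so the handler can be restored later.
reg export "%KEY%" "%BACKUP%" >nul
if errorlevel 1 goto export_failed
if not exist "%BACKUP%" goto export_failed

rem Remove the protocol registration, including all subkeys.
reg delete "%KEY%" /f >nul
if errorlevel 1 (
    echo Delete failed. Check that the account has administrative rights.
    exit /b 1
)

rem Verify that the key is really gone before reporting success.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo %KEY% is still present after deletion.
    exit /b 1
)

echo HCP protocol unregistered. Backup saved to %BACKUP%
echo To restore after patching: reg import "%BACKUP%"
exit /b 0

:export_failed
echo Export failed. The registry key was left untouched.
exit /b 1
```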

Vendor patch:

Microsoft
---------
Microsoft has released a security bulletin (MS03-044) and corresponding patches for this issue:
MS03-044: Buffer Overflow in Windows Help and Support Center Could lead to System Compromise (825119)
Link: http://www.microsoft.com/technet/security/bulletin/MS03-044.asp

Patch downloads:

Microsoft Windows Millennium Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=7D6F4228-0E31-4F46-9795-5CDD566BB3B8&displaylang=en

Microsoft Windows NT Workstation 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=88BCDC9A-E370-47D8-B818-4E659C7F95AE&displaylang=en

Microsoft Windows NT Server 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=735602AC-BA6E-40D4-8A20-3441F02A25CB&displaylang=en

Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=5C16FFAB-9CE7-4444-9AA5-BC6ABE3FD479&displaylang=en

Microsoft Windows 2000, Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=62B23A0C-67F0-4F11-A95E-E4FB080A63C6&displaylang=en

Microsoft Windows 2000, Service Pack 3, Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=C2AB63FD-35CA-4D33-9F8C-8BF5DE2D1117&displaylang=en

Microsoft Windows XP Gold, Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=84317458-0BEB-4B2C-A095-66CA09DFDAC6&displaylang=en

Microsoft Windows XP 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=97F4868A-5E41-4657-B9FC-7EA13954B982&displaylang=en

Microsoft Windows XP 64-bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=40F25862-A815-4674-9175-E3640E3EFD49&displaylang=en

Microsoft Windows Server 2003 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&displaylang=en

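This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.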