安全研究
安全漏洞
Microsoft Authenticode校验远程任意代码执行漏洞(MS03-041)
发布日期:2003-10-15
更新日期:2003-10-17
受影响系统:
Microsoft Windows XP Professional SP1不受影响系统:
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP
Microsoft Windows NT 4.0SP6a
Microsoft Windows 2003
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3
Microsoft Windows 2000SP2
Microsoft Windows 2000SP1
Microsoft Windows 2000
Microsoft Windows Millennium Edition描述:
CVE(CAN) ID: CVE-2003-0660
Microsoft Authenticode是一款允许用户验证ActiveX控件的技术。
Microsoft Authenticode存在访问验证问题,可允许ActiveX控件在没有任何提示的情况下下载和安装。
要利用这个漏洞,攻击者必须构建恶意页面,诱使用户访问,并使ActiveX控件在用户系统上安装和执行。另外,攻击者可以建立特殊的HTML邮件发送给用户,当用户浏览邮件时,未授权的ActiveX控件可在用户系统上安装和执行。
Authenticode存在的漏洞可使上述两个情况中以用户权限没有任何提示情况下安装恶意控件,导致系统被控制。
<*来源:Microsoft Security Team (secure@microsoft.com)
链接:http://www.microsoft.com/technet/security/bulletin/MS03-041.asp
*>
建议:
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS03-041)以及相应补丁:
MS03-041:Vulnerability in Authenticode Could Allow Remote code Execution (823182)
链接:http://www.microsoft.com/technet/security/bulletin/MS03-041.asp
补丁下载:
Microsoft Windows NT Workstation 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=921466F5-BC40-4E8E-BB57-6B81B57C21B6&displaylang=en
Microsoft Windows NT Server 4.0, Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=21F64FF0-9175-42BE-A8E4-BDC59A98BDF2&displaylang=en
Microsoft Windows NT Server 4.0, Terminal Server Edition , Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=C6688576-4682-4A30-BBD7-1817F2944890&displaylang=en
Microsoft Windows 2000, Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=C862E049-58B2-4486-8D98-23183D7EE17D&displaylang=en
Microsoft Windows 2000, Service Pack 3, Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=90D27AEC-7D2A-45FD-B85A-E98E574338F1&displaylang=en
Microsoft Windows XP Gold, Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=6CDF5303-D767-4D68-9BA7-055E93E87847&displaylang=en
Microsoft Windows XP 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=D92EF2E8-C03A-43C0-B428-D76C4B669151&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=135D8C00-7B4B-4C21-8EAA-D58814635E0D&displaylang=en
Microsoft Windows Server 2003 64-bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11&displaylang=en
浏览次数:5691
严重程度:0(网友投票)
绿盟科技给您安全的保障