安全研究

安全漏洞
Microsoft Windows程序组转换器远程任意代码执行漏洞(MS04-037)

发布日期:2004-10-12
更新日期:2004-10-15

受影响系统:
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows NT 4.0SP6a
Microsoft Windows 2003
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3
描述:
BUGTRAQ  ID: 10677
CVE(CAN) ID: CVE-2004-0572

Microsoft Windows是微软开发的操作系统。

Microsoft Windows程序组转换器在处理特殊构建的请求时存在远程任意代码执行问题,远程攻击者可以利用这个漏洞以登录用户进程权限执行任意命令。

攻击者可以构建特殊文件附件(特殊.grp文件,关联grpconv.exe)或者恶意HTML连接,诱使用户打开,可导致调用程序组转换器执行恶意代码。目前没有详细漏洞细节提供。

<*来源:Roozbeh Afrasiabi (roozbeh_afrasiabi@yahoo.com
  
  链接:http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx
*>

建议:
临时解决方法:

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

* 不要打开或保存不信任.grp文件。

* 去除.grp外呢件和grpconv.exe应用程序的关联。

1,把如下代码放入到Un0grpconv.inf中:

[Version]
Signature="$CHICAGO$"
[DefaultInstall]
DelReg=DisableGrpAssociation.DelReg
AddReg=DisableGrpAssociation.AddReg
[DisableGrpAssociation.DelReg]
HKCR,"MSProgramGroup"
[DisableGrpAssociation.AddReg]
HKCR,".grp",,,""
HKCR,"MSProgramGroup",,,""
[DisableGrpAssociation.AddReg.Security]
"D:(D;CI;6;;;WD)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;0x3001F;;;PU)(A;CIIOID;SDGWGR;;;PU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)"

2,右键点击Un-grepconv.inf,然后选择安装。

厂商补丁:

Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS04-037)以及相应补丁:
MS04-037:Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
链接:http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx

补丁下载:

Microsoft Windows NT Server 4.0 Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=F8046E83-E151-4AAF-80CB-AD4F31C02EAC

Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=2DCC6C99-509D-41A5-A3C7-CAC017D633E1

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=846E7479-133B-45D7-AA69-D9257F1BE178

Microsoft Windows XP and Microsoft Windows XP Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=FB93CB07-3A7E-444C-B083-324FC9049B94

Microsoft Windows XP 64-Bit Edition Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=FF84BCBE-D1E5-4402-8CE4-F8D9966C79D0

Microsoft Windows XP 64-Bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=AB91C7FF-2547-455E-9A6D-82B09373495F

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=5C60CA12-0045-42B7-9F2A-6D433DEDC105&

Microsoft Windows Server 2003 64-Bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=AB91C7FF-2547-455E-9A6D-82B09373495F

浏览次数:3818
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障