安全研究

安全漏洞
Microsoft Shell拖放代码执行漏洞(MS05-008)

发布日期:2005-02-08
更新日期:2005-02-13

受影响系统:
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows 2003
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3
描述:
CVE(CAN) ID: CVE-2005-0053

Windows拖放技术是一款DHTML事件,由DHTML对象模型提供特殊动作。

Windows在处理拖放事件方式上存在问题,远程攻击者可以利用这个漏洞提升特权。

攻击者可以通过构建恶意站点来利用此漏洞,恶意WEB页利用这个拖放漏洞允许攻击者保存文件到用户系统,并可能控制整个系统。

<*来源:Microsoft Security Team (secure@microsoft.com
  
  链接:http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx
*>

建议:
厂商补丁:

Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS05-008)以及相应补丁:
MS05-008:Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
链接:http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx

补丁下载:

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=3B6A6CC1-CCE4-4462-A0D2-E88D38DEF807

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=865B5D9D-FC5B-4F91-A860-2C35A025A907

Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)

http://www.microsoft.com/downloads/details.aspx?FamilyId=B6DAA99A-6E0B-477D-99E9-5237BCF57762

Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)

http://www.microsoft.com/downloads/details.aspx?FamilyId=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=80AA33F4-E5B0-42A6-844B-F80D6168E25E

Microsoft Windows Server 2003 for Itanium-based Systems

http://www.microsoft.com/downloads/details.aspx?FamilyId=9EE7FF53-20EC-4B75-A255-72DD0AB52FF3

浏览次数:5136
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障