此漏洞影响使用双字节字符集的Microsoft Internet Explorer浏览器,在解析特定URL时可能导致远程代码执行。受影响的产品包括多个版本的Windows操作系统上的IE 6。微软已发布补丁解决此问题。
By Sowhat of Nevis Labs
Date: 2006.04.11
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060411.txt
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
CVE: CVE-2006-1189
Vendor
Microsoft Inc.
Products affected:
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
and Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 for Microsoft Windows Server 2003
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft
Windows 98 SE, and Microsoft Windows Millennium Edition
This vulnerability affects systems that use Double-Byte Character Sets.
Systems that are affected are Windows language versions that use a
Double Byte Character Set language. Examples of languages that use DBCS
are Chinese, Japanese, and Korean languages. Customers using
other language versions of Windows might also be affected if "Language
for non-Unicode programs" has been set to a Double Byte Character Set
language.
Overview:
There exists a buffer overflow in Microsoft Internet Explorer in the
parsing of DBCS URLS.
This vulnerability could allow an attacker to execute arbitrary code on the
victim's system when the victim visits a web page or views an HTML email
message.
This attack may be utilized wherever IE parses HTML, such as webpages, email,
newsgroups, and within applications utilizing web-browsing functionality.
Details:
URLMON.DLL does not properly validate IDN containing double-byte character
sets (DBCS), which may lead to remote code execution.
Exploiting this vulnerability seems to need a lot of more work but we
believe that
exploitation is possible.
POC:
No PoC will be released for this.
FIX:
Microsoft has released an update for Internet Explorer which is
set to address this issue. This can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
Vendor Response:
2005.12.29 Vendor notified via secure@microsoft.com
2005.12.29 Vendor responded
2006.04.11 Vendor released MS06-0xx patch
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list ( http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-1189
Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys,
all XFocus and 0x557 guys :)
References:
1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
2. http://www.nsfocus.com/english/homepage/research/0008.htm
3. http://xforce.iss.net/xforce/xfdb/5729
4. http://www.securityfocus.com/bid/2100/discuss
5. http://www.inter-locale.com/whitepaper/IUC27-a303.html
6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx
7. [Mozilla Firefox IDN "Host:" Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x18-advisory.txt
9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com
/research/devnotes/1995/may/02/05.htm
Date: 2006.04.11
http://www.nevisnetworks.com
http://secway.org/advisory/AD20060411.txt
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
CVE: CVE-2006-1189
Vendor
Microsoft Inc.
Products affected:
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
and Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 for Microsoft Windows Server 2003
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, Microsoft
Windows 98 SE, and Microsoft Windows Millennium Edition
This vulnerability affects systems that use Double-Byte Character Sets.
Systems that are affected are Windows language versions that use a
Double Byte Character Set language. Examples of languages that use DBCS
are Chinese, Japanese, and Korean languages. Customers using
other language versions of Windows might also be affected if "Language
for non-Unicode programs" has been set to a Double Byte Character Set
language.
Overview:
There exists a buffer overflow in Microsoft Internet Explorer in the
parsing of DBCS URLS.
This vulnerability could allow an attacker to execute arbitrary code on the
victim's system when the victim visits a web page or views an HTML email
message.
This attack may be utilized wherever IE parses HTML, such as webpages, email,
newsgroups, and within applications utilizing web-browsing functionality.
Details:
URLMON.DLL does not properly validate IDN containing double-byte character
sets (DBCS), which may lead to remote code execution.
Exploiting this vulnerability seems to need a lot of more work but we
believe that
exploitation is possible.
POC:
No PoC will be released for this.
FIX:
Microsoft has released an update for Internet Explorer which is
set to address this issue. This can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
Vendor Response:
2005.12.29 Vendor notified via secure@microsoft.com
2005.12.29 Vendor responded
2006.04.11 Vendor released MS06-0xx patch
2006.04.11 Advisory released
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list ( http://cve.mitre.org), which standardizes
names for security problems.
CVE-2006-1189
Greetings to Lennart@MS, Chi, OYXin, Narasimha Datta, all Nevis Labs guys,
all XFocus and 0x557 guys :)
References:
1. http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx
2. http://www.nsfocus.com/english/homepage/research/0008.htm
3. http://xforce.iss.net/xforce/xfdb/5729
4. http://www.securityfocus.com/bid/2100/discuss
5. http://www.inter-locale.com/whitepaper/IUC27-a303.html
6. http://blogs.msdn.com/michkap/archive/2005/10/28/486034.aspx
7. [Mozilla Firefox IDN "Host:" Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x17-advisory.txt
8. [Mozilla Firefox 1.5 Beta 1 IDN Buffer Overflow]
http://www.security-protocols.com/advisory/sp-x18-advisory.txt
9. http://72.14.203.104/search?q=cache:Dxn-V4fil1IJ:developer.novell.com
/research/devnotes/1995/may/02/05.htm
扫一扫
1181
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
