NSFOCUS Emergency Alert (Alert2007-09)

NSFOCUS Security Team (security@nsfocus.com)
http://www.nsfocus.com

Microsoft Releases August Security Bulletins Fixing Multiple Critical Vulnerabilities

Release date: 2007-08-15


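Summary:
======
Microsoft released 9 security bulletins for August. They describe and fix 14 security vulnerabilities, 8 of which are rated "Critical". An attacker who exploits these vulnerabilities could remotely compromise a client system and take complete control of it.

We strongly recommend that users of Windows operating systems immediately check whether their systems are affected by these vulnerabilities and apply the solutions we provide.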

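Analysis:
======
Microsoft released its 9 latest security bulletins for August: MS07-042 through MS07-050. These bulletins describe 14 security issues in total, covering vulnerabilities in products and services including the various versions of Microsoft Windows, IE, Excel, and Virtual PC/Virtual Server.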

1. MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

    - Affected software:

    Operating system: Microsoft Windows 2000 Service Pack 4
    Components:
    Microsoft XML Core Services 3.0
    Microsoft XML Core Services 4.0
    Microsoft XML Core Services 6.0

    Operating system: Windows XP Service Pack 2
    Components:
    Microsoft XML Core Services 3.0
    Microsoft XML Core Services 4.0
    Microsoft XML Core Services 6.0

    Operating system: Windows XP Professional x64 Edition and Windows XP Professional
    x64 Edition Service Pack 2
    Components:
    Microsoft XML Core Services 3.0
    Microsoft XML Core Services 4.0
    Microsoft XML Core Services 6.0

    Operating system: Windows Server 2003 Service Pack 1 and Service Pack 2
    Components:
    Microsoft XML Core Services 3.0
    Microsoft XML Core Services 4.0
    Microsoft XML Core Services 6.0

    Operating system: Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
    Service Pack 2
    Components:
    Microsoft XML Core Services 3.0
    Microsoft XML Core Services 4.0
    Microsoft XML Core Services 6.0

    Operating system: Windows Server 2003 with SP1 for Itanium-based Systems and Windows
    Server 2003 with SP2 for Itanium-based Systems
    Components:
    Microsoft XML Core Services 3.0
    Microsoft XML Core Services 4.0
    Microsoft XML Core Services 6.0

    Operating system: Windows Vista
    Components:
    Microsoft XML Core Services 3.0
    Microsoft XML Core Services 4.0
    Microsoft XML Core Services 6.0

    Office software: Microsoft Office 2003 Service Pack 2, 2007 Microsoft Office System,
    Microsoft Office SharePoint Server and Microsoft Office Groove Server 2007
    Components:
    Microsoft XML Core Services 5.0

    - Vulnerability description:

    A specially crafted script request could cause memory corruption when Microsoft
    XML Core Services is in use. An attacker who successfully exploits this
    vulnerability could make changes to the system with the privileges of the
    logged-on user; if the user is logged on with administrative privileges, the
    attacker could take complete control of the affected system.
    
    Severity ratings and vulnerability identifiers
_________________________________________________________________________
|Affected software               |Microsoft XML Core    |Overall severity|
|                                |Services vulnerability|                |
|                                |CVE-2007-2223         |                |
|________________________________|______________________|________________|
|Windows 2000                    |                      |                |
|________________________________|______________________|________________|
|XML Core Services 3.0, 4.0, 6.0 |Critical              |Critical        |
|on 2000 SP4                     |Remote code execution |                |
|________________________________|______________________|________________|
|Windows XP                      |                      |                |
|________________________________|______________________|________________|
|XML Core Services 3.0, 4.0, 6.0 |Critical              |Critical        |
|on XP SP2, XP Pro x64 Edition,  |Remote code execution |                |
|XP Pro x64 Edition SP2          |                      |                |
|________________________________|______________________|________________|
|Server 2003                     |                      |                |
|________________________________|______________________|________________|
|XML Core Services 3.0, 4.0, 6.0 |Moderate              |Moderate        |
|on 2003 SP1, 2003 SP2, 2003 x64 |Remote code execution |                |
|Edition, 2003 x64 Edition SP2,  |                      |                |
|2003 SP1 and SP2 for            |                      |                |
|Itanium-based Systems           |                      |                |
|________________________________|______________________|________________|
|Windows Vista                   |                      |                |
|________________________________|______________________|________________|
|XML Core Services 3.0, 4.0, 6.0 |Critical              |Critical        |
|on Vista, Vista x64 Edition     |Remote code execution |                |
|________________________________|______________________|________________|
|Office suite                    |                      |                |
|________________________________|______________________|________________|
|Office 2003 System, Office      |Critical              |Critical        |
|SharePoint Server and Office    |Remote code execution |                |
|Groove Server 2007 with XML Core|                      |                |
|Services 5.0, 6.0 installed     |                      |                |
|________________________________|______________________|________________|
  
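    - Workarounds:

    * Configure Internet Explorer to prompt before running ActiveX controls in the
    Internet and Local intranet security zones
    * Set the Internet and Local intranet security zone settings to "High" to prompt
    before running ActiveX controls and Active Scripting in these zones

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.

    You can also use Microsoft's security bulletin to select and install the
    security patch for your system: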
    http://www.microsoft.com/china/technet/security/bulletin/MS07-042.mspx
    
2. MS07-043 - Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

    - Affected systems:

    Microsoft Windows 2000 Service Pack 4
    Windows XP Service Pack 2
    Windows XP Professional x64 Edition and Windows XP Professional x64 Edition
    Service Pack 2
    Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server
    2003 Service Pack 2
    Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows
    Server 2003 x64 Edition Service Pack 2
    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft
    Windows Server 2003 with SP2 for Itanium-based Systems
    Microsoft Office 2004 for Mac
    Microsoft Visual Basic 6.0 Service Pack 6

    - Vulnerability description:

    A specially crafted script request could cause memory corruption when OLE
    Automation is in use. An attacker who successfully exploits this vulnerability
    could make changes to the system with the privileges of the logged-on user; if
    the user is logged on with administrative privileges, the attacker could take
    complete control of the affected system.

    Severity ratings and vulnerability identifiers
_________________________________________________________________________
|Affected software               |OLE Automation        |Overall severity|
|                                |memory corruption     |                |
|                                |vulnerability         |                |
|                                |CVE-2007-2224         |                |
|________________________________|______________________|________________|
|Windows 2000 SP4                |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Windows XP SP2                  |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Windows XP Pro x64 Edition and  |Critical              |Critical        |
|XP Pro x64 Edition SP2          |Remote code execution |                |
|________________________________|______________________|________________|
|Windows Server 2003 SP1 and     |Moderate              |Moderate        |
|Windows Server 2003 SP2         |Remote code execution |                |
|________________________________|______________________|________________|
|Windows Server 2003 x64 Edition |Moderate              |Moderate        |
|and Windows Server 2003 x64     |Remote code execution |                |
|Edition SP2                     |                      |                |
|________________________________|______________________|________________|
|Windows Server 2003 with SP1 for|Moderate              |Moderate        |
|Itanium-based Systems and       |Remote code execution |                |
|Windows Server 2003 with SP2 for|                      |                |
|Itanium-based Systems           |                      |                |
|________________________________|______________________|________________|
|Microsoft Office 2004 for Mac   |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Microsoft Visual Basic 6.0 SP6  |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
    
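    - Workarounds:

    * Configure Internet Explorer to prompt before running ActiveX controls in the
    Internet and Local intranet security zones
    * Set the Internet and Local intranet security zone settings to "High" to prompt
    before running ActiveX controls and Active Scripting in these zones

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.

    You can also use Microsoft's security bulletin to select and install the
    security patch for your system: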
    http://www.microsoft.com/china/technet/security/bulletin/MS07-043.mspx
    
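3. MS07-044 Vulnerability in Microsoft Excel Could Result in Remote Code Execution (940965)

    - Affected software:

    Microsoft Office 2000 Service Pack 3
    Microsoft Office XP Service Pack 3
    Microsoft Office 2003 Service Pack 2
    Microsoft Office 2004 for Mac

    - Vulnerability description:

    Excel does not sufficiently validate index values when representing a
    Workspace. If a user is tricked into opening a malicious Excel file,
    arbitrary code could be executed.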

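    Severity ratings and vulnerability identifiers
_________________________________________________________________________
|Affected software               |Workspace memory      |Overall severity|
|                                |corruption            |                |
|                                |vulnerability         |                |
|                                |CVE-2007-3890         |                |
|________________________________|______________________|________________|
|Excel 2000 SP3                  |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Excel 2002 SP3                  |Important             |Important       |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Excel 2003 SP2                  |Important             |Important       |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Excel 2003 Viewer               |Important             |Important       |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Office 2004 for Mac             |Important             |Important       |
|                                |Remote code execution |                |
|________________________________|______________________|________________|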
    
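    - Workarounds:

    * Use the Microsoft Office File Block policy to prevent opening Office 2003
    and earlier documents from untrusted sources and locations:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]

    "BinaryFiles"=dword:00000001

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.

    You can also use Microsoft's security bulletin to select and install the
    security patch for your system: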
    http://www.microsoft.com/china/technet/security/bulletin/MS07-044.mspx
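
    To confirm that the File Block workaround for MS07-044 is actually in place,
    the following added example (not part of the original advisory) parses the text
    of a .reg fragment or registry export and checks the BinaryFiles DWORD under the
    key given above. Function names and sample inputs are constructed for
    illustration; the input is assumed to be already decoded to text.

```python
import re

# Key and value name as given in the MS07-044 workaround above.
FILE_BLOCK_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Office\11.0"
                  r"\Excel\Security\FileOpenBlock")
FILE_BLOCK_VALUE = "BinaryFiles"

SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))\s*=\s*(.*)$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")


def parse_reg(text):
    """Parse .reg text into {key: {value_name: (line_no, raw_data)}}.

    Key and value names are lower-cased because the registry treats them
    case-insensitively. Deletions ("[-key]" and "name"=-) are applied in
    file order, as an import would. Returns (keys, unparsed_lines).
    """
    keys, unparsed = {}, []
    current, continued = None, False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if continued:                       # tail of a multi-line hex value
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue
        if line == "REGEDIT4" or line.startswith("Windows Registry Editor"):
            continue
        section = SECTION_RE.match(line)
        if section:
            name = section.group(2).lower()
            if section.group(1):            # "[-key]" removes the whole key
                keys.pop(name, None)
                current = None
            else:
                current = keys.setdefault(name, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            vname = (value.group(1) if value.group(1) is not None else "@").lower()
            data = value.group(3).strip()
            continued = data.endswith("\\")
            if data == "-":                 # "name"=- removes the value
                current.pop(vname, None)
            else:
                current[vname] = (line_no, data)
            continue
        unparsed.append((line_no, line))
    return keys, unparsed


def check_file_block(text):
    """Return (status, detail) for the Excel File Block setting.

    status: "ok" (BinaryFiles is dword 1), "not_set" (a valid dword other
    than 1), "malformed" (data is not a valid dword), or "missing".
    """
    keys, _ = parse_reg(text)
    values = keys.get(FILE_BLOCK_KEY.lower())
    if values is None:
        return "missing", "FileOpenBlock key not present"
    entry = values.get(FILE_BLOCK_VALUE.lower())
    if entry is None:
        return "missing", "BinaryFiles value not present"
    line_no, data = entry
    dword = DWORD_RE.match(data)
    if dword is None:
        return "malformed", f"line {line_no}: {data!r} is not dword:XXXXXXXX"
    if int(dword.group(1), 16) == 1:
        return "ok", f"line {line_no}: BinaryFiles=1"
    return "not_set", f"line {line_no}: BinaryFiles={int(dword.group(1), 16)}"


# Constructed sample inputs (not captured from a real system).
HEADER = "Windows Registry Editor Version 5.00\n\n"
GOOD = HEADER + "[" + FILE_BLOCK_KEY + "]\n\"BinaryFiles\"=dword:00000001\n"
# Stray punctuation after the data, e.g. copied out of running text.
TRAILING_DOT = GOOD.replace("00000001", "00000001.")
# Same key written in lower case: still the same registry key.
LOWER_CASE = (HEADER + "[" + FILE_BLOCK_KEY.lower() + "]\n"
              "\"binaryfiles\"=dword:00000001\n")
# Value set, then deleted further down the same file.
DELETED = GOOD + "\n[" + FILE_BLOCK_KEY + "]\n\"BinaryFiles\"=-\n"
# Setting written under a different Office version key (12.0).
OTHER_VERSION = GOOD.replace("\\11.0\\", "\\12.0\\")
ZERO = GOOD.replace("00000001", "00000000")

if __name__ == "__main__":
    for name in ("GOOD", "TRAILING_DOT", "LOWER_CASE", "DELETED",
                 "OTHER_VERSION", "ZERO"):
        print(name, check_file_block(globals()[name]))
```

    A "malformed" or "missing" result means the workaround would not take effect
    on import, even though the fragment looks correct at a glance.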
    
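4. MS07-045 - Cumulative Security Update for Internet Explorer (937143)

    - Affected software:

    Internet Explorer 5.01
    Internet Explorer 6 Service Pack 1
    Internet Explorer 6
    Internet Explorer 7

    - Vulnerability description:

    Internet Explorer contains multiple security vulnerabilities. If a user views
    a specially crafted web page with Internet Explorer, multiple memory corruption
    conditions could result. Users whose accounts are configured with fewer user
    rights are less affected than users with administrative rights.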

    Severity ratings and vulnerability identifiers
__________________________________________________________________________________________
|Affected software           |CSS memory           |ActiveX object       |ActiveX object memory|Overall        |
|                            |corruption           |vulnerability        |corruption           |severity for   |
|                            |vulnerability        |CVE-2007-2216        |vulnerability        |all            |
|                            |CVE-2007-0943        |                     |CVE-2007-3041        |vulnerabilities|
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 5.01 and 6 SP1           |                     |                     |                     |               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 5.01 SP4 on 2000 SP4     |Critical             |Critical             |Critical             |Critical       |
|                            |Remote code execution|Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 6 SP1 on 2000 SP4        |None                 |Critical             |Critical             |Critical       |
|                            |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 6                        |                     |                     |                     |               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 6 on XP SP2              |None                 |Critical             |Critical             |Critical       |
|                            |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 6 on XP x64 Edition and  |None                 |Critical             |Critical             |Critical       |
|XP x64 SP2                  |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 6 on Server 2003 SP1 and |None                 |Moderate             |Moderate             |Moderate       |
|Server 2003 SP2             |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 6 on Server 2003 x64 and |None                 |Moderate             |Moderate             |Moderate       |
|Server 2003 x64 SP2         |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 6 on Server 2003 SP1     |None                 |Moderate             |Moderate             |Moderate       |
|(Itanium-based systems) and |                     |Remote code execution|Remote code execution|               |
|Server 2003 SP2             |                     |                     |                     |               |
|(Itanium-based systems)     |                     |                     |                     |               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7                        |                     |                     |                     |               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7 on XP SP2              |None                 |Important            |Important            |Important      |
|                            |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7 on XP x64 Edition and  |None                 |Important            |Important            |Important      |
|XP x64 SP2                  |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7 on Server 2003 SP1 and |None                 |Low                  |Low                  |Low            |
|Server 2003 SP2             |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7 on Server 2003 x64 and |None                 |Low                  |Low                  |Low            |
|Server 2003 x64 SP2         |                     |Remote code execution|Remote code execution|               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7 on Server 2003 SP1     |None                 |Low                  |Low                  |Low            |
|(Itanium-based systems) and |                     |Remote code execution|Remote code execution|               |
|Server 2003 SP2             |                     |                     |                     |               |
|(Itanium-based systems)     |                     |                     |                     |               |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7 in Vista               |None                 |Important            |Important            |Important      |
|____________________________|_____________________|_____________________|_____________________|_______________|
|IE 7 in Vista x64 Edition   |None                 |Important            |Important            |Important      |
|____________________________|_____________________|_____________________|_____________________|_______________|
              
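    - Workarounds:

    * Configure Internet Explorer to prompt before running ActiveX controls in the
    Internet and Local intranet security zones
    * Set the Internet and Local intranet security zone settings to "High" to prompt
    before running ActiveX controls and Active Scripting in these zones
    * Prevent COM objects from running in Internet Explorer

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.

    You can also use Microsoft's security bulletin to select and install the
    security patch for your system: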
     http://www.microsoft.com/china/technet/security/bulletin/MS07-045.mspx
    
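5. MS07-046 - Vulnerability in GDI Could Result in Remote Code Execution (938829)

    - Affected software:

    Microsoft Windows 2000 Service Pack 4
    Windows XP Service Pack 2
    Windows XP Professional x64 Edition
    Microsoft Windows Server 2003 Service Pack 1
    Microsoft Windows Server 2003 x64 Edition
    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

    - Vulnerability description:

    A vulnerability exists in the way the Graphics Rendering Engine handles
    specially crafted images. If a user is tricked into opening a specially crafted
    image, the vulnerability could be triggered, leading to arbitrary code execution.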
    
    Severity ratings and vulnerability identifiers
_________________________________________________________________________
|Affected software               |GDI remote code       |Overall severity|
|                                |execution             |                |
|                                |vulnerability         |                |
|                                |CVE-2007-3034         |                |
|________________________________|______________________|________________|
|Windows 2000 SP4                |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Windows XP SP2                  |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Windows XP Pro x64 Edition      |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Windows Server 2003 SP1         |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Windows Server 2003 x64 Edition |Critical              |Critical        |
|                                |Remote code execution |                |
|________________________________|______________________|________________|
|Windows Server 2003 with SP1 for|Critical              |Critical        |
|Itanium-based Systems           |Remote code execution |                |
|________________________________|______________________|________________|
  
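    - Workarounds:

    None

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.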

    http://www.microsoft.com/china/technet/security/bulletin/MS07-046.mspx
    
6. MS07-047 - Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)

    - Affected software:

    Operating system: Microsoft Windows 2000 Service Pack 4
    Components:
    Windows Media Player 7.1
    Windows Media Player 9

    Operating system: Windows XP Service Pack 2
    Components:
    Windows Media Player 9
    Windows Media Player 10
    Windows Media Player 11

    Operating system: Windows XP Professional x64 Edition and Windows XP Professional
    x64 Edition Service Pack 2
    Components:
    Windows Media Player 10
    Windows Media Player 11

    Operating system: Windows Server 2003 Service Pack 1 and Service Pack 2
    Components:
    Windows Media Player 10
    Windows Media Player 11

    Operating system: Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
    Service Pack 2
    Components:
    Windows Media Player 10
    Windows Media Player 11

    Operating system: Windows Vista
    Components:
    Windows Media Player 11

    - Vulnerability description:

    Windows Media Player does not correctly handle header information in skin
    files. If a user is tricked into loading a malicious media file, arbitrary
    code could be executed.

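    Severity ratings and vulnerability identifiers
______________________________________________________________________________
|Affected software|Media Player code    |Media Player skin    |Overall        |
|                 |execution            |decompression        |severity for   |
|                 |vulnerability        |vulnerability        |all            |
|                 |CVE-2007-3037        |CVE-2007-3035        |vulnerabilities|
|_________________|_____________________|_____________________|_______________|
|Media Player 7.1 |Important            |Important            |Important      |
|                 |Remote code execution|Remote code execution|               |
|_________________|_____________________|_____________________|_______________|
|Media Player 9   |Important            |Important            |Important      |
|                 |Remote code execution|Remote code execution|               |
|_________________|_____________________|_____________________|_______________|
|Media Player 10  |Important            |Important            |Important      |
|                 |Remote code execution|Remote code execution|               |
|_________________|_____________________|_____________________|_______________|
|Media Player 11  |Important            |Important            |Important      |
|                 |Remote code execution|                     |               |
|_________________|_____________________|_____________________|_______________|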

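    - Workarounds:

    * Remove the WMZ and WMD file associations
    * Unregister Wmp.dll

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.

    You can also use Microsoft's security bulletin to select and install the
    security patch for your system: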
    http://www.microsoft.com/china/technet/security/bulletin/MS07-047.mspx    

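7. MS07-048 - Vulnerabilities in Windows Gadgets Could Result in Remote Code Execution (938123)

    - Affected software:

    Windows Vista
    Windows Vista x64 Edition

    - Vulnerability description:

    The Feed Headlines Gadget and Weather Gadget bundled with Vista do not
    sufficiently validate HTML attributes when parsing them, and the Contacts
    Gadget does not sufficiently validate contacts when importing them. If a user
    is tricked into visiting a malicious web page or subscribing to a malicious
    RSS feed, these vulnerabilities could be triggered, leading to arbitrary code
    execution with the privileges of the logged-on user.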

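    Severity ratings and vulnerability identifiers
____________________________________________________________________________________________________
|Affected software|Vista Feed Headlines |Vista Contacts Gadget|Vista Weather Gadget |Overall        |
|                 |Gadget remote code   |remote code execution|remote code execution|severity for   |
|                 |execution            |vulnerability        |vulnerability        |all            |
|                 |vulnerability        |CVE-2007-3032        |CVE-2007-3891        |vulnerabilities|
|                 |CVE-2007-3033        |                     |                     |               |
|_________________|_____________________|_____________________|_____________________|_______________|
|Vista            |Important            |Moderate             |Moderate             |Important      |
|                 |Remote code execution|Remote code execution|Remote code execution|               |
|_________________|_____________________|_____________________|_____________________|_______________|
|Vista x64 Edition|Important            |Moderate             |Moderate             |Important      |
|                 |Remote code execution|Remote code execution|Remote code execution|               |
|_________________|_____________________|_____________________|_____________________|_______________|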
              
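    - Workarounds:

    * Disable or unregister the vulnerable Gadgets
    * Disable the Sidebar in Group Policy or in the system registry
    * Modify the access control list on gadget.xml:

    At a command prompt, type:
        cd %ProgramFiles%\Windows Sidebar\Gadgets\Contacts.Gadget\en-US
    Then, for the Weather Gadget and the Contacts Gadget, type the following command:
        icacls gadget.xml /deny Everyone:(R,RX)

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.

    You can also use Microsoft's security bulletin to select and install the
    security patch for your system: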
     http://www.microsoft.com/china/technet/security/bulletin/MS07-048.mspx

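8. MS07-049 - Vulnerability in Virtual PC and Virtual Server Could Result in Elevation of Privilege (937986)

    - Affected software:

    Microsoft Virtual PC 2004
    Microsoft Virtual PC 2004 Service Pack 1
    Microsoft Virtual Server 2005 Standard Edition
    Microsoft Virtual Server 2005 Enterprise Edition
    Microsoft Virtual Server 2005 R2 Standard Edition
    Microsoft Virtual Server 2005 R2 Enterprise Edition
    Microsoft Virtual PC for Mac V6.1
    Microsoft Virtual PC for Mac V7

    - Vulnerability description:

    Microsoft Virtual PC and Microsoft Virtual Server do not correctly handle the
    interaction with, and initialization of, the components that communicate with
    the host operating system. An attacker with administrative privileges on a
    guest operating system could trigger a heap overflow on the host or on other
    guest operating systems and take complete control of the affected system.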
    
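    Severity ratings and vulnerability identifiers
_________________________________________________________________________
|Affected software               |Virtual PC and        |Overall severity|
|                                |Virtual Server heap   |                |
|                                |overflow vulnerability|                |
|                                |CVE-2007-0948         |                |
|________________________________|______________________|________________|
|Virtual PC 2004                 |Important             |Important       |
|                                |Elevation of privilege|                |
|________________________________|______________________|________________|
|Virtual PC 2004 SP1             |Important             |Important       |
|                                |Elevation of privilege|                |
|________________________________|______________________|________________|
|Virtual PC 2005 Standard Edition|Important             |Important       |
|                                |Elevation of privilege|                |
|________________________________|______________________|________________|
|Virtual PC 2005 Enterprise      |Important             |Important       |
|Edition                         |Elevation of privilege|                |
|________________________________|______________________|________________|
|Virtual Server 2005 R2 Standard |Important             |Important       |
|Edition                         |Elevation of privilege|                |
|________________________________|______________________|________________|
|Virtual Server 2005 R2          |Important             |Important       |
|Enterprise Edition              |Elevation of privilege|                |
|________________________________|______________________|________________|
|Virtual PC for Mac V6.1         |Important             |Important       |
|                                |Elevation of privilege|                |
|________________________________|______________________|________________|
|Virtual PC for Mac V7           |Important             |Important       |
|                                |Elevation of privilege|                |
|________________________________|______________________|________________|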
  
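    - Workarounds:

    None

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.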

    http://www.microsoft.com/china/technet/security/bulletin/MS07-049.mspx

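9. MS07-050 - Vulnerability in Vector Markup Language Could Result in Remote Code Execution (938127)

    - Affected software:

    Internet Explorer 5.01
    Internet Explorer 6 Service Pack 1
    Internet Explorer 6
    Internet Explorer 7

    - Vulnerability description:

    In the Microsoft Windows implementation of VML, routines in the vector graphics
    library vgx.dll do not sufficiently validate requests to render VML in Internet
    Explorer. If a user is tricked into visiting a malicious web page, a buffer
    overflow could be triggered, leading to arbitrary code execution.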

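    Severity ratings and vulnerability identifiers
___________________________________________________
|Affected software           |VML buffer overflow  |
|                            |vulnerability        |
|                            |CVE-2007-1749        |
|____________________________|_____________________|
|IE 5.01 and 6 SP1           |                     |
|____________________________|_____________________|
|IE 5.01 SP4 on 2000 SP4     |Critical             |
|                            |Remote code execution|
|____________________________|_____________________|
|IE 6 SP1 on 2000 SP4        |Critical             |
|                            |Remote code execution|
|____________________________|_____________________|
|IE 6                        |                     |
|____________________________|_____________________|
|IE 6 on XP SP2              |Critical             |
|                            |Remote code execution|
|____________________________|_____________________|
|IE 6 on XP x64 Edition and  |Critical             |
|XP x64 SP2                  |Remote code execution|
|____________________________|_____________________|
|IE 6 on Server 2003 SP1 and |Critical             |
|Server 2003 SP2             |Remote code execution|
|____________________________|_____________________|
|IE 6 on Server 2003 x64 and |Critical             |
|Server 2003 x64 SP2         |Remote code execution|
|____________________________|_____________________|
|IE 6 on Server 2003 SP1     |Critical             |
|(Itanium-based systems) and |Remote code execution|
|Server 2003 SP2             |                     |
|(Itanium-based systems)     |                     |
|____________________________|_____________________|
|IE 7                        |                     |
|____________________________|_____________________|
|IE 7 on XP SP2              |Critical             |
|                            |Remote code execution|
|____________________________|_____________________|
|IE 7 on XP x64 Edition and  |Critical             |
|XP x64 SP2                  |Remote code execution|
|____________________________|_____________________|
|IE 7 on Server 2003 SP1 and |Critical             |
|Server 2003 SP2             |Remote code execution|
|____________________________|_____________________|
|IE 7 on Server 2003 x64 and |Critical             |
|Server 2003 x64 SP2         |Remote code execution|
|____________________________|_____________________|
|IE 7 on Server 2003 SP1     |Critical             |
|(Itanium-based systems) and |Remote code execution|
|Server 2003 SP2             |                     |
|(Itanium-based systems)     |                     |
|____________________________|_____________________|
|IE 7 in Vista               |Critical             |
|                            |Remote code execution|
|____________________________|_____________________|
|IE 7 in Vista x64 Edition   |Critical             |
|                            |Remote code execution|
|____________________________|_____________________|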
              
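    - Workarounds:

    * Unregister VGX.DLL
    * Set the Internet and Local intranet security zone settings to "High" to prompt
    before running ActiveX controls and Active Scripting in these zones

    - Vendor patch:

    Microsoft has released a security patch that fixes this vulnerability. We
    recommend using the "Windows Update" feature built into Windows to download
    the latest patches.

    You can also use Microsoft's security bulletin to select and install the
    security patch for your system: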
     http://www.microsoft.com/china/technet/security/bulletin/MS07-050.mspx

Additional information:
==========
1. http://www.microsoft.com/china/technet/security/bulletin/MS07-042.mspx
2. http://www.microsoft.com/china/technet/security/bulletin/MS07-043.mspx
3. http://www.microsoft.com/china/technet/security/bulletin/MS07-044.mspx
4. http://www.microsoft.com/china/technet/security/bulletin/MS07-045.mspx
5. http://www.microsoft.com/china/technet/security/bulletin/MS07-046.mspx
6. http://www.microsoft.com/china/technet/security/bulletin/MS07-047.mspx
7. http://www.microsoft.com/china/technet/security/bulletin/MS07-048.mspx
8. http://www.microsoft.com/china/technet/security/bulletin/MS07-049.mspx
9. http://www.microsoft.com/china/technet/security/bulletin/MS07-050.mspx
10. http://www.us-cert.gov/cas/techalerts/TA07-226A.html
11. http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576
12. http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575
13. http://www.zerodayinitiative.com/advisories/ZDI-07-046.html
14. http://www.zerodayinitiative.com/advisories/ZDI-07-048.html
15. http://www.zerodayinitiative.com/advisories/ZDI-07-047.html
16. http://research.eeye.com/html/advisories/published/AD20070814a.html
17. http://secunia.com/advisories/26409/
18. http://secunia.com/advisories/26444/
19. http://secunia.com/advisories/26439/
20. http://secunia.com/advisories/26433/
21. http://secunia.com/advisories/26423/
22. http://secunia.com/advisories/26419/
23. http://secunia.com/advisories/26145/
24. http://secunia.com/advisories/26449/
25. http://research.eeye.com/html/advisories/published/AD20070814b.html

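Disclaimer
==========

This security advisory is intended only to describe possible security issues. NSFOCUS provides no warranty or commitment for this advisory. Any direct or indirect consequences or losses caused by distributing or using the information in this advisory are the sole responsibility of the user; NSFOCUS and the advisory's authors accept no liability for them. NSFOCUS reserves the right to modify and interpret this advisory. Anyone reproducing or distributing this advisory must preserve it in full, including the copyright notice. Without permission from NSFOCUS, the content of this advisory may not be modified, added to or cut, and it may not be used for commercial purposes in any way.

About NSFOCUS
============

NSFOCUS Co., Ltd. is a leading company in China's network security field, dedicated to research on network and system security issues, to the development and sale of high-end network security products, and to network security services. It offers advanced, internationally competitive products in areas such as intrusion detection/protection, remote assessment, and DDoS attack protection, and is the professional company with the most security service experience in China. For details about NSFOCUS, see: http://www.nsfocus.com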
