首页 -> 安全研究
安全研究
绿盟月刊
绿盟安全月刊->第21期->最新漏洞
日期:2001-05-15
受影响的系统:
Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Internet Explorer 5.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Outlook Express 5.5
- Microsoft Windows 98se
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
+ Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
+ Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
- Microsoft Windows NT 4.0
+ Microsoft Internet Explorer 5.0.1 for Windows 98
- Microsoft Windows 98
+ Microsoft Internet Explorer 5.0.1 for Windows 95
- Microsoft Windows 95
+ Microsoft Internet Explorer 5.0.1 for Windows 2000
- Microsoft Windows 2000
+ Microsoft Internet Explorer 5.01
+ Microsoft Windows 98
+ Microsoft Windows 95
+ Microsoft Windows NT 4.0
+ Microsoft Windows 2000
Microsoft Outlook Express 5.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 2633
Internet Explorer和Outlook Express在处理XML样式表时存在一个漏洞。尽管所有安全区域中的活动脚本都被禁止,但是IE和OE仍然允许执行包含在XML页面的样式表中的脚本。
<* 来源:Georgi Guninski (guninski@guninski.com)*>
测试程序:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Georgi Guninski (guninski@guninski.com) 给出如下演示页面:
http://www.guninski.com/xstyle.eml
其源码如下:
From: "georgi"
Subject: xstyle
Date:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000"
X-Priority: 3
X-MSMail-Priority: Normal
This is a multi-part message in MIME format.
------=_NextPart_000
Content-Type: text/html;
charset="iso-8859-1"
test
<H1>
XStyle demo. Written by Georgi Guninski
</H1>
<SCRIPT>
alert("JS should not be working");
</SCRIPT>
<IFRAME SRC="http://www.guninski.com/xstyle.xml"></IFRAME>
------=_NextPart_000--
--------------------------------------------------------------------------------
建议:
厂商补丁:
微软早先提供的用于Windows Script Host的补丁也可以用于本漏洞:
Microsoft Internet Explorer 5.5:
Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0
Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000
Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
Microsoft Internet Explorer 5.0:
Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0
Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000
Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
Microsoft Outlook Express 5.5:
Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
Windows 95, 98, NT 4.0
Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000
Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Microsoft Outlook Express 5.0:
Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0
Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000
Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
版权所有,未经许可,不得转载