安全研究
安全漏洞
Microsoft Internet Explorer区域可欺骗漏洞(MS02-023)
发布日期:2002-05-15
更新日期:2002-05-22
受影响系统:
Microsoft Internet Explorer 5.0.1SP1描述:
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.0.1SP2
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.01
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows 98 SE
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
Microsoft Internet Explorer 5.5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.5SP1
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 5.5SP2
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows ME
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
Microsoft Internet Explorer 6.0
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
BUGTRAQ ID: 4753
CVE(CAN) ID: CVE-2002-0190
Microsoft Internet Explorer是一款微软开发的流行的WEB浏览器。
Microsoft Internet Explorer存在设计漏洞,可导致远程攻击者以受信任区域欺骗用户IE来打开页面内容。
Microsoft Internet Explorer在处理使用NETBIOS协议访问站点的情况下存在缺陷,攻击者可以构建恶意WEB页面,并诱使用户访问此页面,导致此页面在Intranet域或者少数情况下以受信任区域的安全环境下打开,造成以较高的权限执行嵌入在页面中的任意代码。
<*来源:www.instisec.com
链接:http://www.instisec.com/publico/avisos.asp?id=20021605
http://www.microsoft.com/technet/security/bulletin/MS02-023.asp
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 设置IE浏览器,点击菜单工具->Internet选项->安全->自定义级别,在文件下载上选择禁用。
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS02-023)以及相应补丁:
MS02-023:15 May 2002 Cumulative Patch for Internet Explorer (Q321232)
链接:http://www.microsoft.com/technet/security/bulletin/MS02-023.asp
补丁下载:
Microsoft Internet Explorer 5.0 1:
Microsoft Internet Explorer 5.0.1 SP2:
Microsoft Patch q321232
http://download.microsoft.com/download/ie501sp2/secpac27/5.01_sp2/NT45/EN-US/q321232.exe
Windows NT and Windows 2000
Microsoft Internet Explorer 5.0.1 SP1:
Microsoft Internet Explorer 5.5 SP2:
Microsoft Patch q321232
http://download.microsoft.com/download/ie55sp2/secpac27/5.5_sp2/W98NT42KMe/EN-US/q321232.exe
Microsoft Internet Explorer 5.5 SP1:
Microsoft Patch q321232
http://download.microsoft.com/download/ie55sp1/secpac27/5.5_sp1/W98NT42KMe/EN-US/q321232.exe
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:
Microsoft Patch q321232
http://download.microsoft.com/download/IE60/secpac27/6/W98NT42KMeXP/EN-US/q321232.exe
浏览次数:3156
严重程度:0(网友投票)
绿盟科技给您安全的保障