绿盟科技NSFOCUS安全漏洞系统

安全研究

安全漏洞

SupportSoft ActiveX控件远程缓冲区溢出漏洞

发布日期：2007-02-22
更新日期：2007-02-22

受影响系统：

SupportSoft Inc. SupportSoft 6.x
SupportSoft Inc. SupportSoft 5.6
SupportSoft Inc. SupportSoft 5.5

描述：

BUGTRAQ  ID: 22564
CVE(CAN) ID: CVE-2006-6490

SupportSoft是一种实现自助服务功能的软件，用户可以用它解决自己遇到的一些问题。

SupportSoft的ActiveX控件实现上存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户客户端机器。

SupportSoft的SmartIssue、RemoteAssist和Probe ActiveX控件在处理畸形调用时存在溢出漏洞，远程攻击者可以通过诱使用户打开包含恶意代码的网页来利用此漏洞在用户机器上执行任意指令。Symantec的Norton Internet Security 2006套件包含了SupportSoft工具，因此也受此漏洞的影响。

<*来源：Mark Litchfield （mark@ngssoftware.com）
        Peter Vreugdenhil
        Will Dormann

  链接：http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
        http://www.kb.cert.org/vuls/id/441785
*>

建议：

临时解决方法：

如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：

* 对ActiveX控件设置禁止位：

把如下的文本存为 .REG 文件

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01010200-5e80-11d8-9e86-0007e96c65ae}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01010e00-5e80-11d8-9e86-0007e96c65ae}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01011300-5e80-11d8-9e86-0007e96c65ae}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01013A00-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01013B00-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01013C00-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01013D00-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01013F00-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01014000-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01014100-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01014B00-5E80-11D8-9E86-0007E96C65AE}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01111c00-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01111e00-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01111f00-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01112500-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01112800-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01113300-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01114200-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01114300-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01114400-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01114500-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01114600-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01114700-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01114800-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{01116e00-3e00-11d2-8470-0060089874ed}]
      "Compatibility Flags"=dword:00000400

双击文件导入注册表。

厂商补丁：

SupportSoft Inc.
----------------
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://www.supportsoft.com/support/controls_update.asp

浏览次数：2818
严重程度：0（网友投票）

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客