微软IE和OE执行XML样式表中的活动脚本的漏洞

2008-04-09 04:34:47来源:互联网 阅读 ()

新老客户大回馈,云服务器低至5折

微软IE和OE执行XML样式表中的活动脚本的漏洞

发布日期:2001-04-29
更新日期:2001-04-29

受影响系统:

Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Internet Explorer 5.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Outlook Express 5.5
- Microsoft Windows 98se
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0.1 for Windows 98
- Microsoft Windows 98
Microsoft Internet Explorer 5.0.1 for Windows 95
- Microsoft Windows 95
Microsoft Internet Explorer 5.0.1 for Windows 2000
- Microsoft Windows 2000
Microsoft Internet Explorer 5.01
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Outlook Express 5.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0


描述:

BUGTRAQ ID: 2633
CVE(CAN) ID: CAN-2001-1325

Internet Explorer和Outlook Express在处理XML样式表时存在一个漏洞。尽管所有安全区域中的活动脚本都被禁止,但是IE和OE仍然允许执行包含在XML页面的样式表中的脚本。

<* 来源:Georgi Guninski (guninski@guninski.com)*>

测试方法:

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!


Georgi Guninski (guninski@guninski.com) 给出如下演示页面:
http://www.guninski.com/xstyle.eml
其源码如下:

From: "georgi"
Subject: xstyle
Date:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000"
X-Priority: 3
X-MSMail-Priority: Normal



This is a multi-part message in MIME format.

------=_NextPart_000
Content-Type: text/html;
charset="iso-8859-1"

test
<H1>
XStyle demo. Written by Georgi Guninski
</H1>

<SCRIPT>
alert("JS should not be working");
</SCRIPT>

<IFRAME SRC="http://www.guninski.com/xstyle.xml"></IFRAME>
------=_NextPart_000--



建议:

厂商补丁:

微软早先提供的用于Windows Script Host的补丁也可以用于本漏洞:
Microsoft Internet Explorer 5.5:

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
Microsoft Internet Explorer 5.0:

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe


Microsoft Outlook Express 5.5:

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe


Microsoft Outlook Express 5.0:

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe

标签:

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

上一篇:Viking Server 穿出 web 根目录漏洞

下一篇:HPUX PCLToTIFF 拒绝服务攻击