※黑客攻防指南※=>系统漏洞=>微软IE浏览器基于Cookie的脚本执行漏洞
微软IE浏览器基于Cookie的脚本执行漏洞   


受影响的系统
Microsoft Internet Explorer 5.0.1SP2
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.0.1SP1
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5SP2
- Microsoft Windows 2000 Terminal Services 0.0
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows 98SE 0.0
- Microsoft Windows ME 0.0
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Terminal Server 4.0
Microsoft Internet Explorer 5.5SP1
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 5.5
- Microsoft Windows 2000 Advanced Server 0.0
- Microsoft Windows 2000 Advanced Server 0.0SP1
- Microsoft Windows 2000 Advanced Server 0.0SP2
- Microsoft Windows 2000 Datacenter Server 0.0
- Microsoft Windows 2000 Datacenter Server 0.0SP1
- Microsoft Windows 2000 Datacenter Server 0.0SP2
- Microsoft Windows 2000 Professional 0.0
- Microsoft Windows 2000 Professional 0.0SP1
- Microsoft Windows 2000 Professional 0.0SP2
- Microsoft Windows 2000 Server 0.0
- Microsoft Windows 2000 Server 0.0SP1
- Microsoft Windows 2000 Server 0.0SP2
- Microsoft Windows 2000 Terminal Services 0.0
- Microsoft Windows 2000 Terminal Services 0.0SP1
- Microsoft Windows 2000 Terminal Services 0.0SP2
- Microsoft Windows 95 0.0
- Microsoft Windows 98 0.0
+ Microsoft Windows ME 0.0
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Internet Explorer 6.0
- Microsoft Windows 2000 Workstation 0.0
- Microsoft Windows 2000 Workstation 0.0SP1
- Microsoft Windows 2000 Workstation 0.0SP2
- Microsoft Windows 98 0.0
- Microsoft Windows 98SE 0.0
- Microsoft Windows ME 0.0
- Microsoft Windows NT 4.0SP6a



弱点描述
缺省情况下,微软的IE浏览器在Internet区域执行由Web站点获取的脚本。



由于这种方法存在的缺陷,IE浏览器在处理Cookie时,会在本地主机区域以目前登录用户的权限执行嵌入Cookie中的脚本。



修补方案

微软已经发布了补丁解决这个问题:


Microsoft Internet Explorer 5.0.1SP2:

Microsoft Patch Q319182 IE5.01 SP2
http://download.microsoft.com/download/ie501sp2/secpac26/5.01_sp2/W982KNT4/EN-US/q319182.exe

Microsoft Internet Explorer 5.0.1SP1:
Microsoft Internet Explorer 5.5SP2:

Microsoft Patch Q319182 IE5.5 SP2
http://download.microsoft.com/download/ie55sp2/secpac26/5.5_sp2/WIN98Me/EN-US/q319182.exe

Microsoft Internet Explorer 5.5SP1:

Microsoft Patch Q319182 IE5.5 SP1
http://download.microsoft.com/download/ie55sp1/secpac26/5.5_sp1/WIN98Me/EN-US/q319182.exe

Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:

Microsoft Patch Q319182 IE6
http://download.microsoft.com/download/IE60/secpac26/6/W98NT42KMeXP/EN-US/q319182.exe

主目录 分目录

Copyright By「黑白网络工作室」2002 All Rights Reserve