
Internet Explorer Remote Code Execution Vulnerability

Posted on 2010-1-18 14:31
Source: Antiy Labs  Date: January 18, 2010
  
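    On January 15, 2010 (US time), Microsoft disclosed that Internet Explorer contains a 0-day vulnerability that affects nearly all versions of the browser, including IE6, IE7 and IE8. The vulnerability lies in an invalid pointer reference inside Internet Explorer, which can be triggered to execute arbitrary instructions. An attacker who triggers the vulnerability with crafted malicious code can take control of the target machine and carry out malicious activity such as password theft, remote control and snooping on sensitive information.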

Affected browser versions:
Microsoft Windows 2000 Service Pack 4  
Windows XP Service Pack 2 and Windows XP Service Pack 3  
Windows XP Professional x64 Edition Service Pack 2  
Windows Server 2003 Service Pack 2  
Windows Server 2003 x64 Edition Service Pack 2  
Windows Server 2003 with SP2 for Itanium-based Systems  
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2  
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2  
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2  
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2  
Windows 7  
Windows 7 for x64-based Systems  
Windows Server 2008 R2 for x64-based Systems  
Windows Server 2008 R2 for Itanium-based Systems  
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4  
Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2  
Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2  
Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2  
Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2  
Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2  
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2  
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2  
Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2  
Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2  
Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows Server 2003 x64 Edition Service Pack 2  
Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2  
Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2  
Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2  
Internet Explorer 8 in Windows 7 for 32-bit Systems  
Internet Explorer 8 in Windows 7 for x64-based Systems  
Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

IE versions and operating system platforms not affected by the vulnerability:
Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4

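Vulnerability description:
    On January 15, Microsoft published a security advisory and an advisory update stating that Internet Explorer contains a vulnerability rated "Critical" (note: the highest severity level Microsoft assigns to a vulnerability). The affected IE versions include 6.0, 7.0 and 8.0, and the affected operating system platforms include Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7 and Windows 2008. Analysis by the relevant technical departments found that the vulnerability arises because an object created by Internet Explorer at run time (for example, the Document object) can still be accessed through a pointer after it has been freed in memory. This makes it possible to construct a web-based shellcode program for an attack, execute arbitrary specified code on the user's host, and obtain operating system privileges.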

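Temporary workarounds:

Users can enable DEP to help reduce online attacks. DEP is enabled by default in IE8 and must be enabled manually in earlier versions.
Users can set the security level of the Internet and Local intranet zones to High so that they are prompted before ActiveX controls or ActiveX scripts run in these zones, or they can disable Active scripting in the Internet and Local intranet zones.
We recommend installing Antiy Fangxian (安天防线) to guard against the growing number of trojans and viruses. After installing anti-virus software, users should turn on real-time virus monitoring, update regularly, and report any problems they encounter; only then is the computer actually protected. The Antiy anti-virus emergency response center has updated its virus signature database promptly. Home users running Antiy Fangxian 2009 or Ruijia (锐甲) are protected against web pages that carry drive-by trojans exploiting this vulnerability, and the malware downloaded by such pages is detected and removed. Antiy users should update Antiy Fangxian and Ruijia promptly to keep their computers secure and prevent virus infection. Free download of Antiy Fangxian: http://www.antiyfx.com   Free download of Ruijia: http://www.ruijia.cn
Reference: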
http://www.microsoft.com/technet/security/advisory/979352.mspx
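
To check whether a machine already has the temporary workarounds above in place, the following read-only PowerShell audit can be run as the user whose browser settings are being checked. It is an added example, not part of the original advisory or of any Antiy or Microsoft tool; it assumes the standard per-user IE zone registry layout (zone 3 = Internet, zone 1 = Local intranet, action 1400 = Active scripting, action 1200 = Run ActiveX controls and plug-ins) and PowerShell 3.0 or later, and the function names are chosen for this example.

```powershell
# Added example: read-only audit of the advisory's workaround settings (current user).
$ZoneRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$HighLevel = 0x12000    # CurrentLevel value written by the "High" security template

function ConvertTo-ActionText($Value) {
    # URL action values: 0 = enable, 1 = prompt, 3 = disable
    if ($null -eq $Value) { return 'not set' }
    $names = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
    if ($names.ContainsKey([int]$Value)) { $names[[int]$Value] }
    else { 'other (0x{0:X})' -f $Value }
}

function Get-ZoneAudit([int]$Id, [string]$Name) {
    $k      = Get-ItemProperty -Path "$ZoneRoot\$Id" -ErrorAction SilentlyContinue
    $level  = if ($k) { $k.CurrentLevel } else { $null }
    $script = if ($k) { $k.'1400' } else { $null }    # Active scripting
    $ax     = if ($k) { $k.'1200' } else { $null }    # Run ActiveX controls and plug-ins
    [pscustomobject]@{
        Zone            = $Name
        HighTemplate    = ($level -eq $HighLevel)
        ActiveScripting = ConvertTo-ActionText $script
        RunActiveX      = ConvertTo-ActionText $ax
        # Workaround from the advisory: zone at High, or Active scripting disabled
        MeetsWorkaround = ($level -eq $HighLevel) -or ($script -eq 3)
    }
}

# System-wide DEP policy. Under OptIn only programs that opt in are protected,
# which is why IE versions before IE8 need DEP switched on manually.
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dep = (Get-CimInstance -ClassName Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
"System DEP policy: $($depNames[[int]$dep])"

@( @{ Id = 3; Name = 'Internet' }, @{ Id = 1; Name = 'Local intranet' } ) |
    ForEach-Object { Get-ZoneAudit -Id $_.Id -Name $_.Name } |
    Format-Table -AutoSize
```

Zone settings pushed by Group Policy live under the Policies hive and take precedence over these per-user values, so a managed machine should be checked there as well.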