Microsoft IE Popup.show鼠标事件劫持漏洞-安全小百科

Microsoft IE Popup.show鼠标事件劫持漏洞

漏洞ID	1108037	漏洞类型	设计错误
发布时间	2004-07-12	更新时间	2005-10-20
CVE编号	CVE-2004-0841	CNNVD-ID	CNNVD-200412-098
漏洞平台	Windows	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/24266
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-098

|漏洞详情

MicrosoftInternetExplorer是一款流行的WEB浏览器。MicrosoftInternetExplorer存在鼠标事件劫持问题，远程攻击者可以利用这个漏洞在弹出窗口实现各种不安全操作。Popup.show()允许用户在适当位置弹出窗口。在Mousedown上调用它时show()函数不会拒绝访问，因此攻击者可以利用此问题劫持鼠标事件，可诱使用户在弹出对话框上执行各种不安全操作，如无交互情况下增加默认主页连接等。

|漏洞EXP

source: http://www.securityfocus.com/bid/10690/info

A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended actions such as approving pop-up dialogs.

The method caching variant of this attack is also reported to work.


This issue could potentially be exploited to execute arbitrary code or be used in other attacks.

A variant of this proof of concept has been supplied by http-equiv:
Just substitute the following:
1. <img src="greyhat.html" id=anch
onmousedown="parent.nsc.style.width=2000;parent.nsc.style.height=
2000;parent.pop.show(1,1,1,1);parent.setTimeout('showalert
()',3000);" style="width=168px;height=152px;background-image:url
('youlickit.gif');cursor:hand" title="click me!"></a>

2. location="shell:favorites\greyhat[1].htm"

|参考资料

来源:US-CERTTechnicalAlert:TA04-293A
名称:TA04-293A
链接:http://www.us-cert.gov/cas/techalerts/TA04-293A.html
来源:US-CERTVulnerabilityNote:VU#413886
名称:VU#413886
链接:http://www.kb.cert.org/vuls/id/413886
来源:XF
名称:ie-popupshow-perform-actions(16675)
链接:http://xforce.iss.net/xforce/xfdb/16675
来源:BID
名称:10690
链接:http://www.securityfocus.com/bid/10690
来源:BUGTRAQ
名称:20040711HijackClick3
链接:http://www.securityfocus.com/archive/1/368652
来源:MS
名称:MS04-038
链接:http://www.microsoft.com/technet/security/bulletin/ms04-038.asp
来源:BUGTRAQ
名称:20040712Re:HijackClick3
链接:http://www.securityfocus.com/archive/1/368666
来源:FULLDISC
名称:20040712BrandNewHole:InternetExplorer:HijackClick3
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html
来源:OSVDB
名称:7774
链接:http://www.osvdb.org/7774
来源:SECTRACK
名称:1010679
链接:http://securitytracker.com/id?1010679
来源:SECUNIA
名称:12048
链接:http://secunia.com/advisories/12048
来源:USGovernmentResource:oval:org.mitre.oval:def:8077
名称:oval:org.mitre.oval:def:8077
链接:htt

相关推荐: Microsoft Internet Explorer Search Pane URI Obfuscation Vulnerability

Microsoft Internet Explorer Search Pane URI Obfuscation Vulnerability 漏洞ID 1097445 漏洞类型 Design Error 发布时间 2004-12-08 更新时间 2004-12-…

文章版权归作者所有，未经允许请勿转载。

THE END