Microsoft Internet Explorer JPEG图形渲染溢出漏洞

Microsoft Internet Explorer JPEG图形渲染溢出漏洞

漏洞ID 1108932 漏洞类型 边界条件错误
发布时间 2005-07-15 更新时间 2005-10-20
图片[1]-Microsoft Internet Explorer JPEG图形渲染溢出漏洞-安全小百科CVE编号 CVE-2005-1988
图片[2]-Microsoft Internet Explorer JPEG图形渲染溢出漏洞-安全小百科CNNVD-ID CNNVD-200508-090
漏洞平台 Windows CVSS评分 5.1
|漏洞来源
https://www.exploit-db.com/exploits/25991
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-090
|漏洞详情
MicrosoftInternetExplorer是非常流行的WEB浏览器。MicrosoftInternetExplorer浏览器所使用的JPEG图形渲染库中存在缓冲区溢出漏洞,成功的攻击可以导致执行任意代码。起因是拷贝操作之前没有执行正确的边界检查。攻击者可以通过创建随机的浏览器输入来利用这个漏洞。
|漏洞EXP
source: http://www.securityfocus.com/bid/14282/info

Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the JPEG image rendering library used by the browser. This issue is due to a failure of the application to properly bounds check input data prior to copying it to a fixed size memory buffer.

This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation may result in execution of arbitrary code in the context of the user executing the affected browser. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25991.jpg
|参考资料

来源:US-CERT
名称:TA05-221A
链接:http://www.us-cert.gov/cas/techalerts/TA05-221A.html
来源:US-CERT
名称:VU#965206
链接:http://www.kb.cert.org/vuls/id/965206
来源:MS
名称:MS05-038
链接:http://www.microsoft.com/technet/Security/bulletin/ms05-038.mspx
来源:SECUNIA
名称:16373
链接:http://secunia.com/advisories/16373/
来源:VUPEN
名称:ADV-2005-1353
链接:http://www.frsirt.com/english/advisories/2005/1353
来源:
来源:USGovernmentResource:oval:org.mitre.oval:def:390
名称:oval:org.mitre.oval:def:390
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:390
来源:USGovernment
名称:oval:org.mitre.oval:def:1335
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1335
来源:USGovernment
名称:oval:org.mitre.oval:def:1216
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1216
来源:USGovernment
名称:oval:org.mitre.oval:def:1140
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1140

相关推荐: Network Associates WebShield SMTP 4.5.44 Buffer Overflow Vulnerability

Network Associates WebShield SMTP 4.5.44 Buffer Overflow Vulnerability 漏洞ID 1104109 漏洞类型 Boundary Condition Error 发布时间 2000-05-25 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享