看好註冊表微軟Server2003潛伏重大安全缺陷
受影響的版本:
Windows Server 2003 (Internet Explorer 6.0) 漏洞觀察: Windows Server 2003的這個漏洞會致使遠端攻擊者篡改註冊表"Shell Folders"目錄,從而無需任何登入認證,輕易獲得系統檔案夾中%USERPROFILE%文件的訪問權。 ex.) %USERPROFILE% = "C:\Documents and Settings\%USERNAME%" 詳細資料: 遠端攻擊者篡改Windows Server 2003系統註冊表中的"Shell Folders"目錄,通過"shell:[Shell Folders]\..\" 將本機文件與惡意程序連接。 [Shell Folders] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders AppData: "C:\Documents and Settings\%USERNAME%\Application Data" Cookies: "C:\Documents and Settings\%USERNAME%\Cookies" Desktop: "C:\Documents and Settings\%USERNAME%\Desktop" Favorites: "C:\Documents and Settings\%USERNAME%\Favorites" NetHood: "C:\Documents and Settings\%USERNAME%\NetHood" Personal: "C:\Documents and Settings\%USERNAME%\My Documents" PrintHood: "C:\Documents and Settings\%USERNAME%\PrintHood" Recent: "C:\Documents and Settings\%USERNAME%\Recent" SendTo: "C:\Documents and Settings\%USERNAME%\SendTo" Start Menu: "C:\Documents and Settings\%USERNAME%\Start Menu" Templates: "C:\Documents and Settings\%USERNAME%\Templates" Programs: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs" Startup: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Startup" Local Settings: "C:\Documents and Settings\%USERNAME%\Local Settings" Local AppData: "C:\Documents and Settings\%USERNAME%\Local Settings\Application Data" 快取: "C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files" History: "C:\Documents and Settings\%USERNAME%\Local Settings\History" My Pictures: "C:\Documents and Settings\%USERNAME%\My Documents\My Pictures" Fonts: "C:\WINDOWS\Fonts" My Music: "C:\Documents and Settings\%USERNAME%\My Documents\My Music" My Video: "C:\Documents and Settings\%USERNAME%\My Documents\My Videos" CD Burning: "C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\Microsoft\CD Burning" Administrative Tools: "C:\Documents and Settings\%USERNAME%\Start Menu\Programs\Administrative Tools" 惡意程式碼示例: ************************************************** This exploit reads %TEMP%\exploit.html. You need to create it. And click on the malicious link. ************************************************** Malicious link: <a href="shell:cache\..\..\Local Settings\Temp\exploit.html">Exploit</a> 微軟舉措: 微軟已於2003年6月9日發佈了此漏洞公告,計劃於下一個版本的windows修正檔中增加此漏洞的修補程式。 |
所有時間均為台北時間。現在的時間是 05:43 PM。 |
Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2024, Jelsoft Enterprises Ltd.
『服務條款』
* 有問題不知道該怎麼解決嗎?請聯絡本站的系統管理員 *