Microsoft Infotech Storage Library Heap Overflow Vulnerability

Vulnerability ID: 1110241
Vulnerability type: Buffer overflow
Published: 2006-05-09
Updated: 2006-08-28
CVE ID: CVE-2006-2297
CNNVD-ID: CNNVD-200605-162
Platform: Windows
CVSS score: 4.0
|Vulnerability Source
https://www.exploit-db.com/exploits/27850
https://cxsecurity.com/issue/WLB-2006050083
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-162
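|Vulnerability Details
Microsoft Windows is a family of operating systems released by Microsoft Corporation of the United States. The Microsoft Infotech Storage System library (itss.dll) is the library used to process files in the CHM/ITS format. Microsoft classifies CHM files as dangerous files, similar to executables. However, an attacker can trick a user into decompiling a malicious CHM file to trigger a heap overflow vulnerability in itss.dll, resulting in arbitrary code execution. Note that if a user decompiles a malicious CHM file, the vulnerability can be triggered even if the file is never opened.
|Exploit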
source: http://www.securityfocus.com/bid/17926/info

Microsoft Windows is susceptible to a heap-corruption vulnerability while attempting to read specially crafted CHM or ITS files. This occurs in the 'ITSS.DLL' library.

This vulnerability allows remote attackers to execute arbitrary machine code in the context of applications using the affected library.

Attackers may exploit this issue by coercing users to open malicious CHM or ITS files with Internet Explorer, or when users try to decompile such files using the 'hh -decompile' command. CHM files are considered unsafe files, so there is a possibility that advanced users or security researchers may try to decompile these files to inspect their contents.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/27850.chm
|References

Source: XF
Name: ms-itssdll-chm-bo(26340)
Link: http://xforce.iss.net/xforce/xfdb/26340
Source: BID
Name: 17926
Link: http://www.securityfocus.com/bid/17926
Source: BUGTRAQ
Name: 20060512 Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption
Link: http://www.securityfocus.com/archive/1/archive/1/433854/100/0/threaded
Source: BUGTRAQ
Name: 20060509 [Reversemode] Microsoft Infotech Storage library Heap Corruption
Link: http://www.securityfocus.com/archive/1/archive/1/433435/100/0/threaded
Source: MISC
Link: http://www.reversemode.com/advisories/advisory-itss.pdf
Source: OSVDB
Name: 25501
Link: http://www.osvdb.org/25501
Source: VUPEN
Name: ADV-2006-1761
Link: http://www.frsirt.com/english/advisories/2006/1761
Source: SECUNIA
Name: 20061
Link: http://secunia.com/advisories/20061
Source: BUGTRAQ
Name: 20060510 Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption
Link: http://www.securityfocus.com/archive/1/archive/1/433833/30/5040/threaded
Source: SREASON
Name: 886
Link: http://securityreason.com/securityalert/886