Microsoft MSCMS mscms.dll Stack Overflow Vulnerability

Vulnerability ID: 1116394 Vulnerability Type: Buffer overflow
Published: 2008-10-12 Updated: 2008-10-14
CVE ID: CVE-2008-2245 CNNVD-ID: CNNVD-200808-162
Platform: Windows CVSS Score: 9.3
|Vulnerability Source
https://www.exploit-db.com/exploits/6732
https://www.securityfocus.com/bid/30594
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200808-162
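|Vulnerability Details
Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. mscms.dll in MSCMS in multiple versions of Windows (2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2) contains a stack overflow vulnerability. The InternalOpenColorProfile function in the mscms.dll library does not properly validate overlong parameters, so a remote attacker can use a specially crafted image file to trigger a heap overflow, leading to arbitrary code execution.
|Exploit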
EMR_SETICMPROFILEA Heap Overflow DOS

By Ac!dDrop

related to MS08-046

Tested on windows Xp professional Sp2
mscms.dll 5.1.2600.2709
gdi32.dll 5.1.2600.2818 

Causes Windows explorer and Internet explorer to crash.

You can run arbitrary code.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/6732.rar (2008-emf_MS08-046.rar)

# milw0rm.com [2008-10-12]
|Affected Products
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Wind
|References

Source: US-CERT
Name: VU#309739
Link: http://www.kb.cert.org/vuls/id/309739
Source: US-CERT
Name: TA08-225A
Link: http://www.us-cert.gov/cas/techalerts/TA08-225A.html
Source: BID
Name: 30594
Link: http://www.securityfocus.com/bid/30594
Source: MS
Name: MS08-046
Link: http://www.microsoft.com/technet/security/bulletin/ms08-046.mspx
Source: SECUNIA
Name: 31385
Link: http://secunia.com/advisories/31385
Source: SECTRACK
Name: 1020675
Link: http://www.securitytracker.com/id?1020675
Source: MILW0RM
Name: 6732
Link: http://www.milw0rm.com/exploits/6732
Source: VUPEN
Name: ADV-2008-2350
Link: http://www.frsirt.com/english/advisories/2008/2350
Source: OVAL
Name: oval:org.mitre.oval:def:5923
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5923
Source: HP
Name: SSRT080117
Link: http://marc.info/?l=bugtraq&m=121915960406986&w=2
Source: IDEFENSE
Name: 20080812 Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability
Link: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=742