Microsoft Windows Media Player (WMP) MSIE 静态调用HTML传递弱点

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1189016 漏洞类型 输入验证
发布时间 2007-09-26 更新时间 2007-09-26
CVE编号 CVE-2007-5095 CNNVD-ID CNNVD-200709-387
漏洞平台 N/A CVSS评分 7.5
|漏洞来源
https://www.securityfocus.com/bid/85347
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-387
|漏洞详情
MicrosoftWindowsMediaPlayer(WMP)9在WindowsXPSP2下调用InternetExplorer处理包含媒体文件的HTML文件,不管网络浏览器设置了什么默认,这使得远程攻击者能让用户运行不想运行的软件中的漏洞利用代码,例如.asx文件中的HTMLView参数。
|受影响的产品
Microsoft Windows Media Player 9.0 + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition
|参考资料

来源:BUGTRAQ
名称:20070918RE:securitynotice:BackdooringWindowsMediaFiles
链接:http://www.securityfocus.com/archive/1/archive/1/479856/100/100/threaded
来源:BUGTRAQ
名称:20070918re:securitynotice:BackdooringWindowsMediaFiles
链接:http://www.securityfocus.com/archive/1/archive/1/479854/100/100/threaded
来源:BUGTRAQ
名称:20070918securitynotice:BackdooringWindowsMediaFiles
链接:http://www.securityfocus.com/archive/1/archive/1/479825/100/100/threaded
来源:BUGTRAQ
名称:20070918Re:securitynotice:BackdooringWindowsMediaFiles
链接:http://www.securityfocus.com/archive/1/479855/100/100/threaded
来源:MISC
链接:http://www.gnucitizen.org/blog/backdooring-windows-media-files
来源:OSVDB
名称:41093
链接:http://osvdb.org/41093