Microsoft Internet Explorer DHTML AnchorClick远程拒绝服务攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1202867 漏洞类型 缓冲区溢出
发布时间 2003-05-05 更新时间 2003-12-31
CVE编号 CVE-2003-1484 CNNVD-ID CNNVD-200312-343
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://cxsecurity.com/issue/WLB-2007100113
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-343
|漏洞详情
MicrosoftInternetExplorer是一款流行的WEB浏览程序。MSIE在处理部分DHTML对象时存在问题,远程程攻击者可以利用这个漏洞构建恶意WEB页面,诱使用户访问,可导致浏览器崩溃。当攻击者构建包含畸形'AnchorClick'连接的DHTML页面(如指定文件夹来代替HREF属性,并指定值为空),诱使目标用户访问,IE浏览器就会崩溃,问题应该是由于尝试访问NULL指针而引起的异常错误。
|漏洞EXP
Affected product : IE 6.0 Sp1

Vendor Status : the issue will be solved in the next service pack

Description :

Internet explorer can be crashed  by clicking on a specially crafted link .
The problem is in the AnchorClick DHTML behaviour of the A ( link )
object . With this behaviour you can specify a Folder instead of using the
href attribute . If you leave this field blank , upon clicking on the link
internet explorer will crash with an access violation when trying to write
to a null pointer . You can test this issue by clicking the link on this
page

http://usuarios.lycos.es/actualidad21/ie_URL_behaviour.html

-- 
Regards ,

David F. Madrid
Madrid , Spain
|参考资料

来源:XF
名称:ie-anchorclick-dos(11946)
链接:http://xforce.iss.net/xforce/xfdb/11946
来源:BID
名称:7502
链接:http://www.securityfocus.com/bid/7502
来源:BUGTRAQ
名称:20030505CrashinInternetExplorer6.0Sp1
链接:http://www.securityfocus.com/archive/1/320544
来源:SREASON
名称:3292
链接:http://securityreason.com/securityalert/3292
来源:NSFOCUS
名称:4787
链接:http://www.nsfocus.net/vulndb/4787