Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19771
HistoryJun 10, 2010 - 12:00 a.m.

Microsoft IE Developer Tools ActiveX控件远程内存破坏漏洞(MS10-034)

2010-06-1000:00:00
Root
www.seebug.org
27

0.902 High

EPSS

Percentile

98.8%

JSON

BUGTRAQ ID: 40490
CVE ID: CVE-2010-0811

Internet Explorer Developer Tools ActiveX控件(iedvtool.dll)是Internet Explorer 8中所提供的调试工具。

Internet Explorer 8 Developer Tools ActiveX控件中存在内存破坏漏洞。攻击者可以通过创建特制的网页来利用这个漏洞,当用户查看网页时就会允许远程执行代码。成功利用这个漏洞的攻击者可以获得与登录用户相同的用户权限。

Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Vista SP2
Microsoft Windows Vista SP1
Microsoft Windows Server 2008 SP2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows 7
Microsoft Windows 2000 SP4
临时解决方法:

  • 对CLISD {8fe85d00-4647-40b9-87e4-5eb8a52f4759}设置kill bit。

  • 将Internet Explorer配置为在Internet和本地Intranet安全区域中运行ActiveX控件和活动脚本之前进行提示。

  • 将Internet和本地Intranet安全区域设置设为“高”,以便在这些区域中运行ActiveX控件和活动脚本之前进行提示。

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS10-034)以及相应补丁:
MS10-034:Cumulative Security Update of ActiveX Kill Bits (980195)
链接:http://www.microsoft.com/technet/security/bulletin/MS10-034.mspx?pf=true

Related

checkpoint_advisories 1
nvd 1
cvelist 1
cve 1
prion 1
securityvulns 3
openvas 4
nessus 2
checkpoint_advisories
checkpoint_advisories
Internet Explorer 8 Developer Tools ActiveX Memory Corruption (MS10-034; CVE-2010-0811)
2010-06-08 00:00:00
nvd
nvd
CVE-2010-0811
2010-06-08 22:30:01
cvelist
cvelist
CVE-2010-0811
2010-06-08 22:00:00
cve
cve
CVE-2010-0811
2010-06-08 22:30:01
prion
prion
Design/Logic Flaw
2010-06-08 22:30:00
securityvulns
securityvulns
Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits (980195)
2010-06-08 00:00:00
Code execution with multiple ActiveX components in Microsoft Windows
2010-06-09 00:00:00
Multiple ActiveX components security vulnerabilities
2011-04-13 00:00:00
openvas
openvas
Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
2010-06-09 00:00:00
Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
2010-06-09 00:00:00
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
2011-04-13 00:00:00
nessus
nessus
MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195)
2010-06-09 00:00:00
MS11-027: Cumulative Security Update of ActiveX Kill Bits (2508272)
2011-04-13 00:00:00

0.902 High

EPSS

Percentile

98.8%

JSON
Related for SSV:19771
checkpoint_advisories1nvd1cvelist1cve1prion1securityvulns3openvas4nessus2