Microsoft Windows - Common Control Library (Comctl32) Heap Overflow Vulnerability
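CVE ID: CVE-2010-2746
Exploitation status: None yet
Patch status: N/A
Disclosure date: 2010-10-14
Vulnerability description
Heap-based buffer overflow in Comctl32 (also known as the Common Control Library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, also known as the "Comctl32 Heap Overflow Vulnerability".
Remediation advice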
Users can refer to the following patch information provided by the vendor:
- Microsoft Windows Server 2003 Itanium SP2: Microsoft WindowsServer2003-KB2296011-ia64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=64F5C311-D74A-4665-9775-AC91C6885ED3
- Microsoft Windows Vista SP1: Microsoft Windows6.0-KB2296011-x86.msu http://www.microsoft.com/downloads/details.aspx?familyid=95CEAFC6-E37A-4C77-B16E-C9C94A7D89BD
- Microsoft Windows XP Media Center Edition SP3: Microsoft WindowsXP-KB2296011-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=912A7C20-8177-4F65-B986-43FCA6375EC1
- Microsoft Windows Vista SP2: Microsoft Windows6.0-KB2296011-x86.msu http://www.microsoft.com/downloads/details.aspx?familyid=95CEAFC6-E37A-4C77-B16E-C9C94A7D89BD
- Microsoft Windows 7 for 32-bit Systems 0: Microsoft Windows6.1-KB2296011-x86.msu http://www.microsoft.com/downloads/details.aspx?familyid=BDFF9057-381A-44E8-B093-84F07D8D7E3C
- Microsoft Windows Server 2008 for Itanium-based Systems SP2: Microsoft Windows6.0-KB2296011-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=76E46D08-22D9-4A0C-82CD-D2753D07EFE6
- Microsoft Windows XP Home SP3: Microsoft WindowsXP-KB2296011-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=912A7C20-8177-4F65-B986-43FCA6375EC1
- Microsoft Windows Server 2008 for Itanium-based Systems R2: Microsoft Windows6.1-KB2296011-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=D0742526-B5EC-4658-82F1-C3680F33A790
- Microsoft Windows XP Professional x64 Edition SP2: Microsoft WindowsServer2003.WindowsXP-KB2296011-x64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=6C651BCA-ADB1-4172-9714-CD5A6E5D2C2A
- Microsoft Windows Server 2008 for Itanium-based Systems 0: Microsoft Windows6.0-KB2296011-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=76E46D08-22D9-4A0C-82CD-D2753D07EFE6
- Microsoft Windows Vista x64 Edition SP2: Microsoft Windows6.0-KB2296011-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=DFE7CD18-53A3-433E-9A33-BD96B04B4DEB
- 3DM Software Disk Management Software SP2: Microsoft WindowsServer2003-KB2296011-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=3B2EB449-AD55-4DFB-A3C5-AAC767DE6F45
- Microsoft Windows 7 for x64-based Systems 0: Microsoft Windows6.1-KB2296011-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=35A2B1A9-6DD6-4A7E-BC0A-B4FCFFA06B28
- Microsoft Windows Vista x64 Edition SP1: Microsoft Windows6.0-KB2296011-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=DFE7CD18-53A3-433E-9A33-BD96B04B4DEB
- Microsoft Windows XP Tablet PC Edition SP3: Microsoft WindowsXP-KB2296011-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=912A7C20-8177-4F65-B986-43FCA6375EC1
Affected software
# | Type | Vendor | Product | Version | Impact scope |
---|---|---|---|---|---|
1 | | | | | |

Running in the following environments:

Type | Vendor | Product | Version | Impact scope |
---|---|---|---|---|
System | microsoft | windows_2003_server | * | - |
System | microsoft | windows_7 | * | - |
System | microsoft | windows_7 | - | - |
System | microsoft | windows_server_2003 | * | - |
System | microsoft | windows_server_2008 | * | - |
System | microsoft | windows_server_2008 | r2 | - |
System | microsoft | windows_vista | * | - |
System | microsoft | windows_xp | * | - |
System | microsoft | windows_xp | - | - |

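- Attack vector: Network
- Attack complexity: High
- Privileges required: None
- Scope: N/A
- User interaction: Required
- Availability: Complete
- Confidentiality: Complete
- Integrity: Complete

CWE-ID | Vulnerability type |
---|---|
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |

Exploit-related links
- avd.aliyun.com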