Microsoft IE CFunctionPointer函数内存破坏漏洞(MS09-002)

2009-02-13T00:00:00
ID SSV:4748
Type seebug
Reporter Root
Modified 2009-02-13T00:00:00

Description

BUGTRAQ ID: 33627 CVE(CAN) ID: CVE-2009-0075

Internet Explorer是微软Windows操作系统中默认捆绑的WEB浏览器。

Internet Explorer的CFunctionPointer函数没有正确地处理文档对象,如果以特定序列附加并删除了对象,就可以触发内存破坏,导致以当前登录用户的权限执行任意代码。

Microsoft Internet Explorer 7.0 ZDI (<a href=http://www.zerodayinitiative.com/ target=_blank rel=external nofollow>http://www.zerodayinitiative.com/</a>)

链接:<a href=http://secunia.com/advisories/33845/ target=_blank rel=external nofollow>http://secunia.com/advisories/33845/</a> <a href=http://marc.info/?l=bugtraq&m=123430894008628&w=2 target=_blank rel=external nofollow>http://marc.info/?l=bugtraq&m=123430894008628&w=2</a> <a href=http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx?pf=true target=_blank rel=external nofollow>http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx?pf=true</a> <a href=http://www.us-cert.gov/cas/techalerts/TA09-041A.html target=_blank rel=external nofollow>http://www.us-cert.gov/cas/techalerts/TA09-041A.html</a>