Microsoft Windows WinHTTP服务整数下溢漏洞(MS09-013)

2009-04-16T00:00:00
ID SSV:5052
Type seebug
Reporter Root
Modified 2009-04-16T00:00:00

Description

BUGTRAQ ID: 34435 CVE(CAN) ID: CVE-2009-0086

Microsoft Windows是微软发布的非常流行的操作系统。

Windows HTTP服务处理远程Web服务器所返回的特定值的方式存在整数下溢漏洞。如果用户受骗访问了恶意服务器的话,就可以触发这个溢出,导致在用户机器上执行任意代码。

Microsoft Windows XP x64 SP2 Microsoft Windows XP x64 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 Microsoft Windows 2000SP4 厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS09-013)以及相应补丁: MS09-013:Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) 链接:<a href=http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx?pf=true target=_blank rel=external nofollow>http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx?pf=true</a>