Microsoft Internet Explorer已删除帧对象拒绝服务漏洞

2006-12-06T00:00:00
ID SSV:695
Type seebug
Reporter Root
Modified 2006-12-06T00:00:00

Description

Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer处理已删除帧对象存在问题,远程攻击者可以利用漏洞可对应用程序进行拒绝服务攻击。 构建包含恶意已删除帧对象的WEB页,诱使用户访问,可导致用户的IE浏览器崩溃,造成拒绝服务攻击。可能存在任意代码执行可能。

Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition 64-bit + Microsoft Windows Server 2003 Datacenter Edition 64-bit + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition 64-bit + Microsoft Windows Server 2003 Enterprise Edition 64-bit + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Home + Microsoft Windows XP Professional + Microsoft Windows XP Professional

<a href="http://www.microsoft.com/windows/ie/default.mspx" target="_blank">http://www.microsoft.com/windows/ie/default.mspx</a>

                                        
                                            
                                                可参考如下测试代码:
// MoBB Demo
// Provided by Aviv Raff
// http://aviv.raffon.net/

            var orphanObject;

            function createOrphanObject() {
                orphanObject=document.fram