Travel and Record

Record every bit, and go further!

Thanks to Google, I finally found some clues about MS14-084

2014-12-16 09:13:23 | Category: Principle analysis

Yesterday people on Sina Weibo said Google was reachable again; I tried it, and it really was. Finally no more being sealed off from the world.
Before that, searching with domestic search engines turned up almost nothing useful, only a few advisories.
We all know the real scriptures are usually found abroad, so today I searched with Google and found some clues.
I was still debugging this last night and found that the match count and the corresponding memory always stayed in one-to-one correspondence, so there was no way to make use of uninitialized memory.
As the clue says:
The VBScript engine has an uninitialized-memory vulnerability when handling certain regular expressions.
An error occurs during the regular expression matching process.
When freeing the previous matches, the error-handling code incorrectly calculates the number of matches.
The program then wrongly accesses uninitialized memory as an object pointer, which can lead to arbitrary code execution.

BACKGROUND

Microsoft Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems. For more information, see the vendor's site found at the following link:

http://windows.microsoft.com/en-us/internet-explorer/download-ie

DESCRIPTION

Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s VBScript engine could allow an attacker to execute arbitrary code with the privileges of the current user.

An uninitialized memory vulnerability exists in VBScript engine's handling of certain regular expressions. An error occurs during the regular expression matching process. The error-handling code fails to properly calculate the number of matches when trying to free previous matches. The program will erroneously access uninitialized memory as an object pointer, which can lead to the execution of arbitrary code.
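The description above, and the author's observation earlier that on the success path the match count and the memory stay one-to-one, both come down to a single bookkeeping pattern: a release routine that trusts the number of groups the pattern declared instead of the number the matcher actually wrote before an error. The following C program is an added example, not code from the advisory, from the blog author, or from the VBScript engine; it is a hypothetical model with invented names (`MatchSet`, `capture_groups`, `release_buggy`, `release_fixed`) and a constructed stale-pointer marker standing in for whatever the allocator left in never-written slots. It shows the success path touching nothing stale, the error path walking over never-written slots when the declared count is used, and the hardened release that walks only the filled slots.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_GROUPS 8

/* One captured group; text is heap-allocated once the group is filled. */
typedef struct {
    char *text;
} Match;

/* A set of captured groups. `requested` is what the pattern declared,
 * `filled` is how many slots the matcher actually wrote. (Hypothetical
 * model, not the engine's real structures.) */
typedef struct {
    Match groups[MAX_GROUPS];
    int requested;
    int filled;
} MatchSet;

/* Stand-in for stale heap contents in never-written slots. Constructed for
 * this demo so an uninitialized slot can be recognised without dereferencing
 * it; a real engine would see arbitrary bytes there. */
#define STALE ((char *)(uintptr_t)0x41414141u)

static void poison_matchset(MatchSet *ms) {
    for (int i = 0; i < MAX_GROUPS; i++) ms->groups[i].text = STALE;
    ms->requested = 0;
    ms->filled = 0;
}

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Simulated matcher: group i captures the subject from offset i onward.
 * fail_at (-1 for none) injects an error part-way through, like the engine
 * hitting an error during matching. Returns 0 on success, -1 on error,
 * leaving `filled` equal to the number of slots actually written. */
static int capture_groups(MatchSet *ms, const char *subject, int requested, int fail_at) {
    size_t len = strlen(subject);
    ms->requested = requested;
    ms->filled = 0;
    for (int i = 0; i < requested; i++) {
        if (i == fail_at || (size_t)i > len) return -1;
        ms->groups[i].text = dup_str(subject + i);
        if (!ms->groups[i].text) return -1;
        ms->filled++;
    }
    return 0;
}

/* Buggy release: trusts the declared count instead of the number written.
 * Returns how many slots still hold the stale marker; in real code each of
 * those would be freed or dereferenced as garbage. */
static int release_buggy(MatchSet *ms) {
    int stale = 0;
    for (int i = 0; i < ms->requested; i++) {
        if (ms->groups[i].text == STALE) {
            stale++;          /* never-written slot: a real free() here is the bug */
            continue;
        }
        free(ms->groups[i].text);
        ms->groups[i].text = NULL;
    }
    return stale;
}

/* Hardened release: walks only the slots the matcher reported as filled. */
static int release_fixed(MatchSet *ms) {
    int freed = ms->filled;
    for (int i = 0; i < ms->filled; i++) {
        free(ms->groups[i].text);
        ms->groups[i].text = NULL;
    }
    ms->filled = 0;
    return freed;
}

/* Success path: count and memory line up, so even the buggy release finds
 * nothing stale. Returns the stale-slot count (0). */
int stale_slots_on_success(void) {
    MatchSet ms;
    poison_matchset(&ms);
    if (capture_groups(&ms, "abcdefgh", 3, -1) != 0) return -1;
    return release_buggy(&ms);
}

/* Error path: 6 groups declared, failure at the third, so only 2 were
 * written. Returns how many never-written slots the buggy release walks (4). */
int stale_slots_on_error(void) {
    MatchSet ms;
    poison_matchset(&ms);
    (void)capture_groups(&ms, "abcdefgh", 6, 2);
    return release_buggy(&ms);
}

/* Same error path with the hardened release; returns the slots freed (2). */
int freed_slots_on_error_fixed(void) {
    MatchSet ms;
    poison_matchset(&ms);
    (void)capture_groups(&ms, "abcdefgh", 6, 2);
    return release_fixed(&ms);
}

int main(void) {
    printf("success path, stale slots touched: %d\n", stale_slots_on_success());
    printf("error path, buggy release stale slots: %d\n", stale_slots_on_error());
    printf("error path, hardened release slots freed: %d\n", freed_slots_on_error_fixed());
    return 0;
}
```

The design point is that the matcher, not the cleanup code, is the authority on how much state exists: `filled` is advanced only after a slot holds a valid pointer, and the release loop reads that counter rather than the pattern's declared group count. Zero-initialising the set (`calloc`) would be a second, independent layer of defence, since `free(NULL)` is harmless while freeing a stale pointer is not.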

ANALYSIS

Exploitation of this vulnerability would result in the execution of arbitrary code with the privileges of the current user. To exploit this vulnerability through IE, an attacker would need to entice a targeted user to visit a specially crafted Web page. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious Web page, no further user interaction is needed.

DETECTION

Microsoft has confirmed that the following versions of the following products are vulnerable:

  • VBScript 5.6
  • VBScript 5.7
  • VBScript 5.8
  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11

WORKAROUND

iDefense recommends employing workarounds involving disabling or restricting site access to ActiveScript to mitigate this vulnerability through IE, including the following:

  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
  • Configure IE to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones; add trusted sites to the IE trusted sites zone.

Readers should note that disabling or restricting scripting may severely affect the browsing experience with websites requiring scripting.

VENDOR RESPONSE

Microsoft has released a fix which addresses this issue. For more information, consult their advisory at the following URL:

Microsoft update information : https://technet.microsoft.com/library/security/MS14-084

CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2014-6363 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

DISCLOSURE TIMELINE

07/01/2014 Initial Vendor Notification
07/01/2014 Initial Vendor Reply
12/09/2014 Coordinated Public Disclosure

CREDIT

This vulnerability was reported to iDefense by SkyLined.

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

LEGAL NOTICES

Copyright © 2014 Verisign, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense Verisign. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customer service for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
