微软IE和OE执行XML样式表中的活动脚本的漏洞

发布日期：2001-04-29
更新日期：2001-04-29

受影响系统：

Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Internet Explorer 5.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Outlook Express 5.5
- Microsoft Windows 98se
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
- Microsoft Windows NT 4.0
Microsoft Internet Explorer 5.0.1 for Windows 98
- Microsoft Windows 98
Microsoft Internet Explorer 5.0.1 for Windows 95
- Microsoft Windows 95
Microsoft Internet Explorer 5.0.1 for Windows 2000
- Microsoft Windows 2000
Microsoft Internet Explorer 5.01
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Outlook Express 5.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0

描述：

---

BUGTRAQ ID: 2633
CVE(CAN) ID: CAN-2001-1325

Internet Explorer和Outlook Express在处理XML样式表时存在一个漏洞。尽管所有安全区域中的活动脚本都被禁止，但是IE和OE仍然允许执行包含在XML页面的样式表中的脚本。

<* 来源：Georgi Guninski （guninski@guninski.com）*>

测试方法：

---

警 告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

Georgi Guninski （guninski@guninski.com） 给出如下演示页面：
http://www.guninski.com/xstyle.eml
其源码如下：

From: "georgi"
Subject: xstyle
Date:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000"
X-Priority: 3
X-MSMail-Priority: Normal



This is a multi-part message in MIME format.

------=_NextPart_000
Content-Type: text/html;
charset="iso-8859-1"

test
<H1>
XStyle demo. Written by Georgi Guninski
</H1>

<SCRIPT>
alert("JS should not be working");
</SCRIPT>

<IFRAME SRC="http://www.guninski.com/xstyle.xml"></IFRAME>
------=_NextPart_000--



建议：

---

厂商补丁：

微软早先提供的用于Windows Script Host的补丁也可以用于本漏洞：
Microsoft Internet Explorer 5.5:

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
Microsoft Internet Explorer 5.0:

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe


Microsoft Outlook Express 5.5:

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe


Microsoft Outlook Express 5.0:

Microsoft patch ste51en
http://www.microsoft.com/scripting/downloads/v51/other/ste51en.exe
Windows 95, 98, NT 4.0

Microsoft patch scripten
http://www.microsoft.com/scripting/downloads/v51/windows2000/scripten.exe
Windows 2000

Microsoft patch scr55en
http://www.microsoft.com/scripting/downloads/v55/other/scr55en.exe

文章整理：西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!