Affected versions:
Windows Server 2003 (Internet Explorer 6.0)
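Vulnerability overview:
This vulnerability in Windows Server 2003 lets a remote attacker tamper with the "Shell Folders" registry directory and thereby easily gain access to files under %USERPROFILE% in the system folders, without any login authentication.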
ex.) %USERPROFILE% = "C:/Documents and Settings/%USERNAME%"
Details:
A remote attacker tampers with the "Shell Folders" directory in the Windows Server 2003 system registry and, via "shell:[Shell Folders]/../", links local files to a malicious program.
[Shell Folders]
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders
AppData: "C:/Documents and Settings/%USERNAME%/Application Data"
Cookies: "C:/Documents and Settings/%USERNAME%/Cookies"
Desktop: "C:/Documents and Settings/%USERNAME%/Desktop"
Favorites: "C:/Documents and Settings/%USERNAME%/Favorites"
NetHood: "C:/Documents and Settings/%USERNAME%/NetHood"
Personal: "C:/Documents and Settings/%USERNAME%/My Documents"
PrintHood: "C:/Documents and Settings/%USERNAME%/PrintHood"
Recent: "C:/Documents and Settings/%USERNAME%/Recent"
SendTo: "C:/Documents and Settings/%USERNAME%/SendTo"
Start Menu: "C:/Documents and Settings/%USERNAME%/Start Menu"
Templates: "C:/Documents and Settings/%USERNAME%/Templates"
Programs: "C:/Documents and Settings/%USERNAME%/Start Menu/Programs"
Startup: "C:/Documents and Settings/%USERNAME%/Start Menu/Programs/Startup"
Local Settings: "C:/Documents and Settings/%USERNAME%/Local Settings"
Local AppData: "C:/Documents and Settings/%USERNAME%/Local Settings/Application Data"
Cache: "C:/Documents and Settings/%USERNAME%/Local Settings/Temporary Internet Files"
History: "C:/Documents and Settings/%USERNAME%/Local Settings/History"
My Pictures: "C:/Documents and Settings/%USERNAME%/My Documents/My Pictures"
Fonts: "C:/WINDOWS/Fonts"
My Music: "C:/Documents and Settings/%USERNAME%/My Documents/My Music"
My Video: "C:/Documents and Settings/%USERNAME%/My Documents/My Videos"
CD Burning: "C:/Documents and Settings/%USERNAME%/Local Settings/Application Data/Microsoft/CD Burning"
Administrative Tools: "C:/Documents and Settings/%USERNAME%/Start Menu/Programs/Administrative Tools"
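As an added example (not part of the original advisory and not vendor code), this Python scanner checks HTML for `shell:` links that use `..` to climb out of a Shell Folders entry, the "shell:[Shell Folders]/../" pattern described above. The attribute set, verdict labels, function names and sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Shell Folders value names listed in the advisory, lowercased.
SHELL_FOLDERS = {
    "appdata", "cookies", "desktop", "favorites", "nethood", "personal",
    "printhood", "recent", "sendto", "start menu", "templates", "programs",
    "startup", "local settings", "local appdata", "cache", "history",
    "my pictures", "fonts", "my music", "my video", "cd burning",
    "administrative tools",
}
URL_ATTRS = {"href", "src", "action", "data", "background"}  # assumed set

def classify(url):
    """Return a verdict label for shell: URLs, or None for anything else."""
    # Undo percent-encoding and treat "\" and "/" alike before matching.
    value = unquote(url or "").strip().lower().replace("\\", "/")
    if not value.startswith("shell:"):
        return None
    parts = [p.strip() for p in value[len("shell:"):].split("/") if p.strip()]
    if ".." not in parts:
        return "shell-scheme"
    return "shell-traversal-listed" if parts[0] in SHELL_FOLDERS else "shell-traversal"

class ShellLinkScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Record every URL-bearing attribute that carries a shell: link.
        for name, value in attrs:
            verdict = classify(value) if name in URL_ATTRS else None
            if verdict:
                self.findings.append((tag, name, value, verdict))

def scan(html):
    scanner = ShellLinkScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; placeholder.html is a made-up file name.
SAMPLE = """<a href="https://example.com/">ok</a>
<a href="shell:cache\\..\\placeholder.html">x</a>
<iframe src="SHELL:Local%20Settings/../placeholder.html"></iframe>
<a href="shell:Desktop">desktop</a>"""
if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same `classify` function can be applied to URLs pulled from proxy logs or mail bodies, since it takes a single string.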
Malicious code example:
**************************************************
This exploit reads %TEMP%/exploit.html.
You need to create it.
And click on the malicious link.
**************************************************
Malicious link:
Exploit
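Microsoft's response:
Microsoft published an advisory for this vulnerability on June 9, 2003, and plans to include a fix for it in the next release of Windows patches.
Source: compiled by Kingsoft Antivirus (金山毒霸)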