IE 5.5 index.dat arbitrary code execution vulnerability

zhaozj2021-02-08  241

Source: Green Corps (2000-11-24)

Type: Windows

Impact Scope:
Microsoft Internet Explorer 5.5
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 2000

Description:
IE 5.5 (and possibly other versions) saves recently accessed URLs and other cache information in the local file index.dat. The location of index.dat is generally fixed on the local hard disk:

Windows 9x: C:\Windows\Temporary Internet Files\Content.ie5\
Windows 2000: C:\Documents and Settings\UserName\Local Settings\Temporary Internet files\content.IE5\

This file is protected by IE's security mechanisms, but it is possible to write some content into it by including a script command in a URL link. Although that content may not be executed immediately, because of the security restrictions that apply to the current URL, it gets its chance when the local index.dat file is accessed directly. This relies on IE interpreting non-HTML files. Microsoft released a patch for the interpretation and execution of non-HTML files in the MS00-055 bulletin, but it is still possible to force IE to interpret and execute non-HTML files:

Arbitrary code may ultimately be executed; for example, once the name of the cache folder has been determined, an attacker can execute previously downloaded files.

Workaround:
Microsoft has not released a formal patch. The temporary solutions are as follows:
1. Disable active script execution.
2. Change the IE temporary directory to a unique location, because the attack needs to know the exact path.
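A check for the two temporary solutions above, as an added example that is not part of the original advisory. It assumes the per-profile settings have already been collected into a dictionary; the key names, the sample profiles and the numeric encoding of the Active scripting zone action (1400, with 3 meaning disabled) are assumptions not taken from the advisory, and the check only confirms that the cache has moved away from the default locations, not that the new path is hard to guess.

```python
import re

# Default cache parents named in the advisory. The Windows 2000 one varies by
# account name and is often stored unexpanded as %USERPROFILE% (assumption).
DEFAULT_CACHE_PARENTS = [
    r"c:\\windows\\temporary internet files",
    r"(?:c:\\documents and settings\\[^\\]+|%userprofile%)"
    r"\\local settings\\temporary internet files",
]

# Assumed encoding of zone action 1400 (Active scripting): 0=enable, 1=prompt, 3=disable
SCRIPTING_DISABLED = 3


def normalize(path):
    """Lower-case, unify separators and drop a trailing Content.IE5 component."""
    p = re.sub(r"[\\/]+", r"\\", path.strip().lower()).rstrip("\\")
    suffix = "\\content.ie5"
    return p[: -len(suffix)] if p.endswith(suffix) else p


def cache_path_is_default(path):
    """True if the cache directory sits at one of the advisory's fixed locations."""
    p = normalize(path)
    return any(re.fullmatch(pat, p) for pat in DEFAULT_CACHE_PARENTS)


def audit(settings):
    """Return the advisory's workarounds that are NOT in place for one profile."""
    findings = []
    if settings["active_scripting"] != SCRIPTING_DISABLED:
        findings.append("active scripting not disabled")
    if cache_path_is_default(settings["cache_path"]):
        findings.append("cache directory at default location")
    return findings


# Constructed sample profiles (not taken from any real host).
SAMPLES = {
    "win98-default": {"cache_path": "C:/Windows/Temporary Internet Files/Content.IE5/",
                      "active_scripting": 0},
    "w2k-default": {"cache_path": r"%USERPROFILE%\Local Settings\Temporary Internet Files",
                    "active_scripting": 3},
    "w2k-hardened": {"cache_path": r"D:\cache-7f3a\TIF", "active_scripting": 3},
}

if __name__ == "__main__":
    for name, profile in SAMPLES.items():
        print(name, audit(profile) or "both workarounds applied")
```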

When reposting, please cite the original URL: https://www.9cbs.com/read-1404.html
