登录  免费注册
当前位置:首页 > 漏洞详细信息

Microsoft Windows Address Book加载不可信DLL漏洞

 关注(0)  
CNVD-ID CNVD-2010-3273
公开日期 2010-12-17
危害级别
影响产品 Microsoft Windows Server 2008
Microsoft windows 7
Microsoft windows Vista
CVE ID CVE-2010-3147
漏洞描述 Windows Address Book打开处理特定文件时存在加载不可信DLL的漏洞,远程攻击者可以通过在Address Book在打开文件时尝试加载当前目录下的wab32res.dll程序库,导致执行DLL中的恶意代码。
漏洞类型 通用型漏洞
参考链接 http://www.securityfocus.com/bid/42648/info
漏洞解决方案 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:Microsoft Windows XP Media Center Edition SP3Microsoft WindowsXP-KB2423089-x86-ENU.exehttp://www.microsoft.com/downloads/details.aspx?familyid=46BAA431-126C -4FA5-9A7B-525008E2817DMicrosoft Windows 7 for 32-bit Systems 0Microsoft Windows6.1-KB2423089-x86.msuhttp://www.microsoft.com/downloads/details.aspx?familyid=4E8AD5CD-AF27 -4F00-9378-AD778B8EE7B3Microsoft Windows Server 2003 Web Edition SP2Microsoft WindowsServer2003-KB2423089-x86-ENU.exehttp://www.microsoft.com/downloads/details.aspx?familyid=E0B2837C-019B -419B-954D-5BDC71A3A332Microsoft Windows XP Professional x64 Edition SP2Microsoft WindowsServer2003.WindowsXP-KB2423089-x64-ENU.exehttp://www.microsoft.com/downloads/details.aspx?familyid=B9CE9D62-2EAA -48D8-BB6D-EA137E63D077Microsoft Windows Vista x64 Edition SP1Microsoft Windows6.0-KB2423089-x64.msuhttp://www.microsoft.com/downloads/details.aspx?familyid=73624B68-A69D -4517-B971-F0B7D2CCC9D6Microsoft Windows Server 2008 for Itanium-based Systems SP2Microsoft Windows6.0-KB2423089-ia64.msuhttp://www.microsoft.com/downloads/details.aspx?familyid=82F71194-6F1F -4F43-8752-4BF5E5F94A93Microsoft Windows 7 for x64-based Systems 0Microsoft Windows6.1-KB2423089-x64.msuhttp://www.microsoft.com/downloads/details.aspx?familyid=35A3E821-B463 -411C-858B-D01EB5AED42BMicrosoft Windows Server 2003 Standard Edition SP2Microsoft WindowsServer2003-KB2423089-x86-ENU.exehttp://www.microsoft.com/downloads/details.aspx?familyid=E0B2837C-019B -419B-954D-5BDC71A3A332Microsoft Windows Server 2003 Itanium SP2Microsoft WindowsServer2003-KB2423089-ia64-ENU.exehttp://www.microsoft.com/downloads/details.aspx?familyid=9ABC8270-F3AC -474D-9EBC-410AAA6262CCMicrosoft Windows Server 2008 for Itanium-based Systems R2Microsoft Windows6.1-KB2423089-ia64.msuhttp://www.microsoft.com/downloads/details.aspx?familyid=CB4211F3-1082 -4245-8F03-7CBAC90E9A31Microsoft Windows Server 2008 for Itanium-based Systems 0Microsoft Windows6.0-KB2423089-ia64.msuhttp://www.microsoft.com/downloads/details.aspx?familyid=82F71194-6F1F -4F43-8752-4BF5E5F94A93Microsoft Windows Vista x64 Edition SP2Microsoft Windows6.0-KB2423089-x64.msuhttp://www.microsoft.com/downloads/details.aspx?familyid=73624B68-A69D -4517-B971-F0B7D2CCC9D6
厂商补丁 Microsoft Windows Address Book "wab32res.dll" DLL加载任意代码执行漏洞(MS10-096)的补丁
验证信息 (暂无验证信息)
报送时间 2010-12-17
收录时间 2010-12-17
更新时间 2010-12-17
漏洞附件 (无附件)
  在发布漏洞公告信息之前,CNVD都力争保证每条公告的准确性和可靠性。然而,采纳和实施公告中的建议则完全由用户自己决定,其可能引起的问题和结果也完全由用户承担。是否采纳我们的建议取决于您个人或您企业的决策,您应考虑其内容是否符合您个人或您企业的安全策略和流程。
(编辑:CNVD) | 已有0条评论
登录 后才能发表评论