فا

‫ آسيب‌پذيري تخريب حافظه در Microsoft Windows VBScript

IRCAD2014023142
شماره:  IRCAD2014023142
تاريخ انتشار:  11-02-2014
ميزان حساسيت: بسيار مهم
نرم افزارهاي تحت تاثير:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows RT 8.1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
 
توضيح:
يك آسيب‌پذيري در ويندوز مايكروسافت گزارش شده است كه مي‌تواند توسط افراد خرابكار مورد سوء استفاده قرار گيرد تا كنترل سيستم يك كاربر را در اختيار بگيرند.
اين آسيب‌پذيري به علت خطايي در موتور اسكريپتينگ VBScript ايجاد شده است و مي‌تواند براي تخريب حافظه مورد سوء استفاده قرار گيرد.
سوء استفاده موفقيت‌آميز از اين آسيب‌پذيري مي‌تواند منجر به اجراي كد دلخواه گردد.
 
راهكار:
به‌روز رساني‌ها را اعمال نماييد.
Windows XP Professional x64 Edition Service Pack 2, VBScript 5.6 (2909213)
Windows Server 2003 Service Pack 2, VBScript 5.6 (2909213)
Windows Server 2003 x64 Edition Service Pack 2, VBScript 5.6 (2909213)
Windows Server 2003 with SP2 for Itanium-based Systems, VBScript 5.6 (2909213)
Windows XP Service Pack 3, VBScript 5.7 (2909212)
Windows XP Professional x64 Edition Service Pack 2, VBScript 5.7 (2909212)
Windows Server 2003 Service Pack 2, VBScript 5.7 (2909212)
Windows Server 2003 x64 Edition Service Pack 2, VBScript 5.7 (2909212)
Windows Server 2003 with SP2 for Itanium-based Systems, VBScript 5.7 (2909212)
Windows Vista Service Pack 2, VBScript 5.7 (2909212)
Windows Vista x64 Edition Service Pack 2, VBScript 5.7 (2909212)
Windows Server 2008 for 32-bit Systems Service Pack 2, VBScript 5.7 (2909212)
Windows Server 2008 for x64-based Systems Service Pack 2, VBScript 5.7 (2909212)
Windows Server 2008 for Itanium-based Systems Service Pack 2, VBScript 5.7 (2909212)
 
IE 8 :
Windows XP Service Pack 3, VBScript 5.8 (2909210)
Windows XP Professional x64 Edition Service Pack 2, VBScript 5.8 (2909210)
Windows Server 2003 Service Pack 2, VBScript 5.8 (2909210)
Windows Server 2003 x64 Edition Service Pack 2, VBScript 5.8 (2909210)
Windows Vista Service Pack 2, VBScript 5.8 (2909210)
Windows Vista x64 Edition Service Pack 2, VBScript 5.8 (2909210)
Windows Server 2008 for 32-bit Systems Service Pack 2, VBScript 5.8 (2909210)
Windows Server 2008 for x64-based Systems Service Pack 2, VBScript 5.8 (2909210)
Windows 7 for 32-bit Systems Service Pack 1, VBScript 5.8 (2909210)
Windows 7 for x64-based Systems Service Pack 1, VBScript 5.8 (2909210)
Windows Server 2008 R2 for x64-based Systems Service Pack 1, VBScript 5.8 (2909210)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, VBScript 5.8 (2909210)
 
IE 10 :
Windows 7 for 32-bit Systems Service Pack 1, VBScript 5.8 (2909210)
Windows 7 for x64-based Systems Service Pack 1, VBScript 5.8 (2909210)
Windows Server 2008 R2 for x64-based Systems Service Pack 1, VBScript 5.8 (2909210)
Windows 8 for 32-bit Systems, VBScript 5.8 (2909210)
Windows 8 for x64-based Systems, VBScript 5.8 (2909210)
Windows Server 2012, VBScript 5.8 (2909210)
 
IE 11:
Windows 7 for 32-bit Systems Service Pack 1, VBScript 5.8 (2909210)
Windows 7 for x64-based Systems Service Pack 1, VBScript 5.8 (2909210)
Windows Server 2008 R2 for x64-based Systems Service Pack 1, VBScript 5.8 (2909210)
Windows 8.1 for 32-bit Systems, VBScript 5.8 (2909210)
Windows 8.1 for x64-based Systems, VBScript 5.8 (2909210)
Windows Server 2012 R2, VBScript 5.8 (2909210)
 
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), VBScript 5.7 (2909212)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), VBScript 5.7 (2909212)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), VBScript 5.8 (2909210)
Windows Server 2012 (Server Core installation), VBScript 5.8 (2909210)
Windows Server 2012 R2 (Server Core installation), VBScript 5.8 (2909210)
 
 
منابع:
MS14-011 (KB2928390, KB2909213, KB2909212, KB2909210):
 
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 23 بهمن 1392

امتیاز

امتیاز شما
تعداد امتیازها: 0