在这一周中, securityfocus ,报道了一些漏洞,一些应用场合,像往常一样,一个不能错过的微软环境。鉴于这些“不安全差距”在规划计划允许进行各种攻击,它的兴趣知道的潜力,可以利用的漏洞,通过证据的概念。
办公室查看AcitveX控制(控件)
办公室浏览器提出了一系列安全漏洞的ActiveX控件,让您编辑和查看Microsoft Office文件从您的网页浏览器。这意味着有可能攻击者执行任意代码的特权当前用户。
有许多无线一键通的这些弱点:
http://downloads.securityfocus.com/vulnerabilities/exploits/33245.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33222.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-excel.html
Microsoft知识库
如何防止执行一个ActiveX控件在IE
100M收购了Nullsoft的软件v5.3.2 &燮
由于此版本的软件,有缺陷的处理MP3文件, AIIF (音频交换文件格式) ,其中,通过MP3文件或AIFF故意操纵可能会引发缓冲区溢出,允许攻击者执行任意代码的特权当前用户。有一个一键通的这一弱点:
http://downloads.securityfocus.com/vulnerabilities/exploits/33226.pl
微软Windows编译的HTML帮助处理缓冲区溢出
已编译的HTML帮助(包括进出口)是一种文件格式,常用于帮助文件的Microsoft Windows 。通过故意操纵这一风格可以利用的漏洞在Windows XP SP3的导致缓冲区溢出。
http://downloads.securityfocus.com/vulnerabilities/exploits/33204.pl
办公室查看AcitveX控制(控件)
办公室浏览器提出了一系列安全漏洞的ActiveX控件,让您编辑和查看Microsoft Office文件从您的网页浏览器。这意味着有可能攻击者执行任意代码的特权当前用户。
有许多无线一键通的这些弱点:
http://downloads.securityfocus.com/vulnerabilities/exploits/33245.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33222.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-excel.html
Microsoft知识库
如何防止执行一个ActiveX控件在IE
100M收购了Nullsoft的软件v5.3.2 &燮
由于此版本的软件,有缺陷的处理MP3文件, AIIF (音频交换文件格式) ,其中,通过MP3文件或AIFF故意操纵可能会引发缓冲区溢出,允许攻击者执行任意代码的特权当前用户。有一个一键通的这一弱点:
http://downloads.securityfocus.com/vulnerabilities/exploits/33226.pl
微软Windows编译的HTML帮助处理缓冲区溢出
已编译的HTML帮助(包括进出口)是一种文件格式,常用于帮助文件的Microsoft Windows 。通过故意操纵这一风格可以利用的漏洞在Windows XP SP3的导致缓冲区溢出。
http://downloads.securityfocus.com/vulnerabilities/exploits/33204.pl
原创文章如转载,请注明:转载自心动吧黑客BLOG [ http://www.abcxd.com/abcxd/ ]
本文链接地址:http://www.abcxd.com/abcxd/abcxdArticle/windowsoday/Vulnerabilities-proofs-of-concept.html