China Developer Network: Forum: Programmers' Emotional CBD: Post 31279
haitao
Do we really have to apply a separate patch for every application?

Microsoft Security Bulletin MS04-028 Update
Source: CNCERT/CC 2004-09-24


Security Vulnerability CN-VA04-93
Release date: 2004-9-24
Vulnerability type: Buffer overflow
Severity: High

Affected versions:

Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server™ 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Office XP Service Pack 3
Microsoft Office XP Service Pack 3 Software
Microsoft Windows 2003
Microsoft Office 2003 Software
Microsoft Project 2002 Service Pack 1 (all versions)
Microsoft Project 2003 (all versions)
Microsoft Visio 2002 Service Pack 2 (all versions)
Microsoft Visio 2003 (all versions)
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2002 Software
Microsoft Visual Studio .NET 2003
Microsoft Visual Studio .NET 2003 Software
The Microsoft .NET Framework version 1.0 SDK Service Pack 2
Microsoft Picture It!® 2002 (all versions)
Microsoft Greetings 2002
Microsoft Digital Image Pro version 7.0
Microsoft Picture It! version 9 (all versions, including Picture It! Library)
Microsoft Digital Image Pro version 9
Microsoft Digital Image Suite version 9
Microsoft Producer for Microsoft Office PowerPoint (all versions)
Microsoft Platform SDK Redistributable: GDI+

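Vulnerability description:

   Microsoft users, please note Microsoft Security Bulletin MS04-028: a buffer overflow in JPEG processing could allow arbitrary code execution. A buffer overflow exists in the processing of the JPEG image format and can lead to remote code execution. The vulnerability is severe: if a user is logged on with administrative privileges, successful exploitation gives complete control of the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.

Solution:

   Users, please note that attack code for this vulnerability has already been released; please download the patch and update as soon as possible.

   Please download the patch immediately: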

Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F8D70C1-63BD-4213-82C1-20266FDFD735&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1631C3F7-A40E-4B26-BD92-12141E6A7F58&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=98BFF681-9703-4D23-8DF8-B7239D6C531C&displaylang=en

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=B2FBD93C-3DC3-4A9E-BDD6-9F39726EE3E2&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=98BFF681-9703-4D23-8DF8-B7239D6C531C&displaylang=en

Microsoft Office XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D128614-6D34-49DF-8D63-6C17E9A2D312&displaylang=en

Microsoft Office XP Service Pack 2:
http://download.microsoft.com/download/B/3/4/B349420C-7D50-4DD0-BFF2-249CF2DB43FA/Officexp-kb832332-fullfile-enu.exe

Microsoft Office 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=106BCF99-1BA9-4035-94C5-2A7FA90E5971&displaylang=en

Microsoft Project 2002 Service Pack 1 (all versions):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B3EBCCEA-B0E4-41C7-A6F4-413864D2CCF3&displaylang=en

Microsoft Project 2003 (all versions):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9E37B6B0-A028-47EA-8FA1-3705877A2908&displaylang=en

Microsoft Visio 2002 Service Pack 2 (all versions):
http://www.microsoft.com/downloads/details.aspx?FamilyId=16C2DFFD-7B73-43C4-AB0D-2B5EFC80EB63&displaylang=en

Microsoft Visio 2003 (all versions):
http://www.microsoft.com/downloads/details.aspx?FamilyId=C07D40A5-6F87-4D50-9640-34FFD2F189E1&displaylang=en

Microsoft Visual Studio .NET 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=44004D19-B22F-4AF2-A701-1FCB0467FBF9&displaylang=en

Microsoft Visual Studio .NET 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A13B7A21-463C-4286-AD68-E692417E80E2&displaylang=en

The Microsoft .NET Framework version 1.0 SDK Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=6978D761-4A92-4106-A9BC-83E78D4ABC5B&displaylang=en

Microsoft Picture It! 2002 (all versions):
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en

Microsoft Greetings 2002:
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en

Microsoft Picture It! version 7.0 (all versions):
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en

Microsoft Digital Image Pro version 7.0:
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en

Microsoft Picture It! version 9 (all versions, including Picture It! Library):
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en

Microsoft Digital Image Pro version 9
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en

Microsoft Digital Image Suite version 9
http://www.microsoft.com/downloads/details.aspx?FamilyId=235EBC80-564B-4B52-A344-502E25AAD7FE&displaylang=en

Microsoft Producer for Microsoft Office PowerPoint (all versions):
http://www.microsoft.com/downloads/details.aspx?FamilyID=1b3c76d5-fc75-4f99-94bc-784919468e73&DisplayLang=en

Microsoft Platform SDK Redistributable: GDI+:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A63AB9C-DF12-4D41-933C-BE590FEAA05A&displaylang=en

References:
   http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

Vulnerability reported by:

   Microsoft

Other information:

  CVE ID: CAN-2004-0200
  First published: 2004-9-15
  Number of revisions: 1

Vulnerability report prepared by:
   CNCERT/CC

-----------------------------------------------------------------------------------

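  Before publishing security advisory information, CNCERT/CC strives to ensure the accuracy and reliability of every advisory. However, whether to adopt and implement the recommendations in an advisory is entirely the user's own decision, and the user bears full responsibility for any problems and consequences that may result. Whether to adopt our recommendations depends on your own decision or that of your organization; you should consider whether the content is consistent with your personal or organizational security policies and processes.

  In any case, if you are certain that your computer system has been compromised or attacked, we encourage you to promptly notify the National Computer Network Emergency Response Technical Team/Coordination Center of China: http://www.cert.org.cn/servlet/Incident

  We also encourage all computer and network security research organizations, including vendors and research institutes, to report to us the vulnerabilities they discover. We will verify all vulnerability information, publish it on the CNCERT/CC website, and guide affected users in taking measures to avoid losses.

  If you find any problem with this advisory, please contact us: cncert@cert.org.cn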













National Computer Network Emergency Response Technical Team/Coordination Center of China Email: cncert@cert.org.cn Emergency response hotline: (010)82990999


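My blog: http://szhaitao.blog.hexun.com & http://www.hoolee.com/user/haitao
--All of the above is just general talk--
Endless experts come rolling in, boundless glaring errors keep turning up. Once you are out in the jianghu (having come out into it), how can you avoid getting stabbed (sooner or later you will)
In online conversation, ambiguity abounds; you think you understood what the other person said, but did you really?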
