CNNVD-ID编号 | CNNVD-201004-269 |
CVE编号 | CVE-2010-0477 |
发布时间 | 2010-04-14 |
更新时间 | 2010-04-14 |
漏洞类型 | 资源管理错误 |
漏洞来源 | Laurent Gaffi of stratsec |
危险等级 | 超危 |
威胁类型 | 远程 |
厂 商 | microsoft |
Microsoft Windows是微软发布的非常流行的WEB浏览器。
Microsoft Windows SMB客户端存在远程代码执行漏洞。Microsoft Windows Server 2008 R2和Windows 7的SMB客户端无法正确处理(1)SMBv1和(2)SMBv2响应包,远程SMB服务器和中间人攻击者可以通过特制的包执行任意代码,引发客户端读取全部响应,然后与Winsock内核(WSK)进行不正常交互,即\'\'SMB客户端报文尺寸漏洞\'\'。
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
Microsoft Windows 7 for 32-bit Systems 0
Microsoft Security Update for Windows 7 (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=389184C5-9001-497D-BDF4-81F97ECB617F
Microsoft Windows Server 2008 for Itanium-based Systems R2
Microsoft Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=541E9E2F-EC1D-42B2-AAE5-481C0D435169
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Security Update for Windows Server 2008 R2 x64 Edition (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=CD1A046E-915D-4904-B753-5A24BE10C504
Microsoft Windows 7 for x64-based Systems 0
Microsoft Security Update for Windows 7 for x64-based Systems (KB980232)
http://www.microsoft.com/downloads/details.aspx?familyid=F3495DAE-71F3-421D-A191-D26965F26AD1
来源: US-CERT
名称: TA10-103A