【绿盟科技授权,赛迪发布,谢绝任何网站转载,违者,赛迪网将保留追究其法律责任的权利!】
发布日期:2007-09-05
更新日期:2007-09-06
受影响系统:
Intuit QuickBooks Online Edition 9
不受影响系统:
Intuit QuickBooks Online Edition 10
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 25544
CVE(CAN) ID: CVE-2007-4471,CVE-2007-0322
QuickBooks Online Edition是一款在线财务软件。
QuickBooks Online Edition的ActiveX控件处理在处理畸形用户请求时存在漏洞,远程攻击者可能利用此漏洞控制用户系统。
如果用户受骗打开了恶意HTML文档的话,QuickBooks Online Edition ActiveX控件的httpGETToFile()和httpPOSTFromFile()方式可能会向用户系统中任意位置下载或上传文件;其他一些方式中可能还会触发栈溢出,导致执行任意指令。
<*来源:Will Dormann
链接:http://www.kb.cert.org/vuls/id/979638
http://secunia.com/advisories/26659/
http://www.kb.cert.org/vuls/id/907481
*>
建议:
--------------------------------------------------------------------------------
临时解决方法:
在IE中为以下CLSID设置kill bit:
{CF9DEB90-8DE3-11D5-BAE4-00105AAAFF94}
{4F720B9C-24B1-4948-A035-8853DC01F19E}
{2EFF8C97-F2A8-4395-9F47-9A06F998BF88}
{2CC3D8DE-18BF-43ff-8CB8-21B442300FD5}
{DBB177CC-6908-4b53-9BEE-F1C697818D65}
{A80D199B-CFDD-4da4-8C47-2310D5B8DD97}
{0D3983A9-4E29-4f33-8313-DA22B29D3F87}
{D92D7607-05D9-4dd8-B68B-D458948FB883}
{8CE3BAE6-AB66-40b6-9019-41E5282FF1E2}
{40F8967E-34A6-474a-837A-CEC1E7DAC54C}
|
或将以下文本保存为.REG文件并导入:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{CF9DEB90-8DE3-11D5-BAE4-00105AAAFF94}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{4F720B9C-24B1-4948-A035-8853DC01F19E}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{2EFF8C97-F2A8-4395-9F47-9A06F998BF88}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{2CC3D8DE-18BF-43ff-8CB8-21B442300FD5}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{DBB177CC-6908-4b53-9BEE-F1C697818D65}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{A80D199B-CFDD-4da4-8C47-2310D5B8DD97}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{0D3983A9-4E29-4f33-8313-DA22B29D3F87}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{D92D7607-05D9-4dd8-B68B-D458948FB883}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{8CE3BAE6-AB66-40b6-9019-41E5282FF1E2}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{40F8967E-34A6-474a-837A-CEC1E7DAC54C}]
"Compatibility Flags"=dword:00000400
|
厂商补丁:
Intuit
------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://oe.quickbooks.com/index.cfm
您的位置: 
