{"id":148,"date":"2009-11-26T03:01:06","date_gmt":"2009-11-26T03:01:06","guid":{"rendered":"http:\/\/www.houquner.com\/?p=543"},"modified":"2009-11-26T03:01:06","modified_gmt":"2009-11-26T03:01:06","slug":"ie-css-0day%e6%bc%8f%e6%b4%9e%e7%9c%9f%e5%ae%9e%e5%ad%98%e5%9c%a8zz","status":"publish","type":"post","link":"https:\/\/www.houquner.com\/index.php\/archives\/148","title":{"rendered":"IE CSS 0day\u6f0f\u6d1e\u771f\u5b9e\u5b58\u5728(zz)"},"content":{"rendered":"<p>\u91d1\u5c71\u5b89\u5168\u5b9e\u9a8c\u5ba4\u4e8e\u6628\u5929\u53d1\u5e03\u4e86\u5173\u4e8eIE7 CSS 0day\u6f0f\u6d1e\u7684\u5b89\u5168\u65b0\u95fb\u3002\u4f46\u8fd9\u6837\u7684\u8b66\u62a5\u4fe1\u606f\u88ab360\u6c61\u8511\u4e3a\u201c\u91d1\u5c71\u8bef\u62a5\u5fae\u8f6f0day\u6f0f\u6d1e\u201d\uff0c\u5e76\u79f0\u91d1\u5c71\u95f9\u4e86\u4e2a\u5927\u7b11\u8bdd\u3002<\/p>\n<p>\u4ee5\u4e0b\u5185\u5bb9\u6458\u81ea360\u53d1\u5e03\u7684\u65b0\u95fb\u901a\u7a3f<br \/>\n\u76f8\u5173\u94fe\u63a5\uff1a<a href=\"http:\/\/www.cnsoftnews.com\/show_news.asp?newsid=16755\">http:\/\/www.cnsoftnews.com\/show_news.asp?newsid=16755<\/a><\/p>\n<p>11\u670823\u65e5\u6d88\u606f \u91d1\u5c71\u6240\u8c13\u7684IE7\u201cCSS 0day\u6f0f\u6d1e\u201d\u53ea\u662fIE7\u8f6f\u4ef6\u7684\u7a33\u5b9a\u6027\u9519\u8bef\uff0c\u6839\u672c\u4e0d\u53ef\u80fd\u88ab\u9ed1\u5ba2\u5229\u7528\u6302\u9a6c\uff0c\u5fae\u8f6f\u5b98\u65b9\u4e5f\u6ca1\u6709\u5c06\u6b64\u7c7b\u975e\u7cfb\u7edf\u7ea7\u9519\u8bef\u5b9a\u4e49\u4e3a\u5b89\u5168\u6f0f\u6d1e\u3002360\u65b9\u9762\u6307\u51fa\uff0c\u91d1\u5c71\u6b64\u4e3e\u53ea\u662f\u4e3a\u4e86\u6253\u538b\u62a5\u590d360\u514d\u8d39\u6740\u6bd2\uff0c\u901a\u8fc7\u6b3a\u9a97\u548c\u6050\u5413\u7528\u6237\u7684\u65b9\u5f0f\u63a8\u9500\u4ea7\u54c1<\/p>\n<p>\u622a\u56fe\u5b58\u6863<\/p>\n<p>\u7f8e\u56fd\u8457\u540d\u4fe1\u606f\u5b89\u5168\u516c\u53f8Symantec\u4e8e2009\u5e7411\u670821\u65e5\u4e5f\u5bf9\u8be5\u6f0f\u6d1e\u8fdb\u884c\u4e86\u8be6\u7ec6\u5206\u6790\uff0c\u5206\u6790\u5168\u6587\u5982\u4e0b\uff1a<br \/>\nZero-Day Internet Explorer Exploit Published<br \/>\nA new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future.\u00a0 When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.\u00a0 For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.<\/p>\n<p>The exploit targets a vulnerability in the way Internet Explorer uses cascading style sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites\u2019 content. Symantec currently detects the exploit with the Bloodhound.Exploit.129 antivirus signature and is working on new signatures now. Symantec IPS protection also currently detects this exploit with signatures HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious Javascript Heap Spray BO. A new IPS signature, HTTP IE Style Heap Spray BO, has also been created for this specific exploit. To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.<\/p>\n<p>\u8c37\u6b4c\u91d1\u5c71\u8bcd\u9738\u7684\u7ffb\u8bd1\u7ed3\u679c\uff1a<br \/>\n\u96f6\u65e5\u53d1\u5e03\u7684Internet Explorer\u6f0f\u6d1e<br \/>\n\u5229\u7528\u4e00\u79cd\u65b0\u7684\u9488\u5bf9Internet Explorer\u662f\u53d1\u5e03\u5230 Bugtraq\u90ae\u4ef6\u5217\u8868 \u6628\u5929\u3002\u8d5b\u95e8\u94c1\u514b\u8fdb\u884c\u8fdb\u4e00\u6b65\u8bd5\u9a8c\uff0c\u5e76\u786e\u8ba4\u5176\u5f71\u54cdInternet Explorer\u7248\u672c6\u548c7\u4ee5\u53ca\u3002\u8be5\u6f0f\u6d1e\u76ee\u524d\u5c55\u51fa\u7684\u53ef\u9760\u6027\u5dee\u7684\u8ff9\u8c61\uff0c\u4f46\u6211\u4eec\u9884\u8ba1\u5168\u529f\u80fd\u53ef\u9760\u7684\u5229\u7528\u5c06\u5728\u4e0d\u4e45\u7684\u5c06\u6765\u63d0\u4f9b\u3002\u53d1\u751f\u8fd9\u79cd\u60c5\u51b5\u65f6\uff0c\u653b\u51fb\u8005\u5c06\u6709\u80fd\u529b\u5229\u7528 \u63d2\u5165\u5230\u7f51\u7ad9\uff0c\u611f\u67d3\u6f5c\u5728\u6e38\u5ba2\u3002\u5bf9\u4e8e\u653b\u51fb\u8005\u53d1\u52a8\u653b\u51fb\u6210\u529f\uff0c\u4ed6\u4eec\u5fc5\u987b\u5f15\u8bf1\u53d7\u5bb3\u4eba\u7684\u6076\u610f\u7f51\u9875\u6216\u7f51\u7ad9\u7684\u4ed6\u4eec\u6709\u635f\u5bb3\u3002\u5728\u8fd9\u4e24\u79cd\u60c5\u51b5\u4e0b\uff0c\u653b\u51fb\u9700\u8981JavaScript\u5229 \u7528IE\u6d4f\u89c8\u5668\u3002<\/p>\n<p>\u8be5\u6f0f\u6d1e\u7684\u76ee\u6807\uff0c\u5728IE\u6d4f\u89c8\u5668\u4f7f\u7528\u7684\u6f0f\u6d1e \u7ea7\u8054\u6837\u5f0f\u8868 \uff08CSS\uff09\u7684\u4fe1\u606f\u3002 CSS\u88ab\u7528\u5728\u8bb8\u591a\u7f51\u9875\u4ee5\u786e\u5b9a\u5bf9\u7f51\u7ad9\u7684\u5185\u5bb9\u4ecb\u7ecd\u3002\u8d5b\u95e8\u94c1\u514b\u76ee\u524d\u68c0\u6d4b\u4e0e\u5229\u7528 Bloodhound.Exploit.129 \u9632\u75c5\u6bd2\u7b7e\u540d\uff0c\u662f\u6839\u636e\u73b0\u5728\u65b0\u7684\u7b7e\u540d\u5de5\u4f5c\u3002\u8d5b\u95e8\u94c1\u514bIPS\u4fdd\u62a4\u4e5f\u6b63\u5728\u68c0\u6d4b\u8fd9\u79cd\u5229\u7528\u4e0e\u7b7e\u540d \u5fae\u8f6fIE\u901a\u7528\u7684HTTP\u5806\u55b7\u96fe\u516c\u62a5 \u548c \u6076\u610f\u7684JavaScript\u7684HTTP\u5806\u55b7\u96fe\u516c\u62a5\u3002\u65b0\u7684IPS\u7b7e\u540d\uff0cIE\u6d4f\u89c8\u5668\u98ce\u683c\u7684HTTP\u5806\u55b7\u96fe\u516c\u62a5\uff0c\u8fd8\u8bbe\u7acb\u4e86\u4e00\u4e2a\u5177\u4f53\u7684\u6f0f\u6d1e\u3002\u4e3a\u4e86\u5c3d\u91cf\u51cf\u5c11\u53d7\u5230\u7684\u673a\u4f1a\u8fd9\u4e2a\u95ee\u9898\uff0cIE\u6d4f\u89c8\u5668\u7528\u6237\u53d7\u5230\u5f71\u54cd\uff0c\u5e94\u786e\u4fdd\u4ed6\u4eec\u7684\u6740\u6bd2\u8f6f\u4ef6\u7684\u5b9a\u4e49\u662f\u6700\u65b0\u7684\uff0c\u7981\u7528JavaScript\uff0c\u53ea\u8bbf\u95ee\u4ed6\u4eec\u4fe1\u4efb\u7684\u7f51\u7ad9\uff0c\u76f4\u5230\u4fee\u590d\u7a0b\u5e8f\u662fMicrosoft\u63d0\u4f9b\u3002<\/p>\n<p>\u76f8\u5173\u94fe\u63a5\uff1a<a href=\"http:\/\/www.symantec.com\/connect\/blogs\/zero-day-internet-explorer-exploit-published\">http:\/\/www.symantec.com\/connect\/blogs\/zero-day-internet-explorer-exploit-published<\/a><\/p>\n<p>\u96441\uff1a\u56fd\u5bb6\u8ba1\u7b97\u673a\u7f51\u7edc\u5e94\u6025\u6280\u672f\u5904\u7406\u534f\u8c03\u4e2d\u5fc3\u5bf9\u8be5\u6f0f\u6d1e\u4fe1\u606f\u7684\u901a\u62a5\u90ae\u4ef6<\/p>\n<p>\u96442\uff1a\u5fae\u8f6f\u56de\u5e94IE\u8fdc\u7a0b\u6f0f\u6d1e \u627f\u8ba4\u53ef\u88ab\u8fdc\u7a0b\u63a7\u5236<\/p>\n<p>\u636e\u7f8e\u56fdCNET\u7f51\u7ad9\u62a5\u9053\uff0c\u5728\u5fae\u8f6fIE 6\u548cIE 7\u6d4f\u89c8\u5668\u7206\u51fa\u8fdc\u7a0b\u4ee3\u7801\u6f0f\u6d1e\u540e\uff0c\u5fae\u8f6f\u5b98\u65b9\u4f5c\u51fa\u56de\u5e94\uff0c\u79f0\u5728\u8c03\u67e5\u8be5\u6f0f\u6d1e\u8fc7\u7a0b\u4e2d\u53d1\u73b0\uff0c\u8be5\u6f0f\u6d1e\u786e\u5b9e\u53ef\u4ee5\u901a\u8fc7IE\u8fdc\u7a0b\u63a7\u5236\u8ba1\u7b97\u673a\uff0c\u4f46\u9700\u8981\u5728\u201c\u8bbf\u95ee\u4e00\u4e2a\u7279\u5b9a\u7684\u6258\u7ba1\u7ad9\u70b9\u201d\uff0c\u7528\u6237\u624d\u4f1a\u6709\u53ef\u80fd\u88ab\u63a7\u5236\u3002<\/p>\n<p>\u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1a<a href=\"https:\/\/www.houquner.com\">Kermit\u7684\u7f51\u7ad9<\/a> &raquo; <a href=\"https:\/\/www.houquner.com\/index.php\/archives\/148\">IE CSS 0day\u6f0f\u6d1e\u771f\u5b9e\u5b58\u5728(zz)<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>\u91d1\u5c71\u5b89\u5168\u5b9e\u9a8c\u5ba4\u4e8e\u6628\u5929\u53d1\u5e03\u4e86\u5173\u4e8eIE7 CSS 0day\u6f0f\u6d1e\u7684\u5b89\u5168\u65b0\u95fb\u3002\u4f46\u8fd9\u6837\u7684\u8b66\u62a5\u4fe1\u606f\u88ab360\u6c61\u8511\u4e3a\u201c\u91d1\u5c71\u8bef\u62a5\u5fae\u8f6f0day\u6f0f\u6d1e\u201d\uff0c\u5e76\u79f0\u91d1\u5c71\u95f9\u4e86\u4e2a\u5927\u7b11\u8bdd\u3002 \u4ee5\u4e0b\u5185\u5bb9\u6458\u81ea360\u53d1\u5e03\u7684\u65b0\u95fb\u901a\u7a3f \u76f8\u5173\u94fe\u63a5\uff1ahttp:\/\/www.cnsoftnews.com\/ [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-148","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/148"}],"collection":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/comments?post=148"}],"version-history":[{"count":0,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/posts\/148\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/media?parent=148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/categories?post=148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.houquner.com\/index.php\/wp-json\/wp\/v2\/tags?post=148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}