Microsoft Internet Explorer New ActiveX对象字符串串联内存破坏漏洞

BUGTRAQ ID: 30219 CNCAN ID：CNCAN-2008071510 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer new ActiveX对象处理存在内存破坏，远程攻击者可以利用漏洞对程序进行拒绝服务攻击，可能导致任意代码执行。 构建使用New ActiveX对象字符串的串联，当Internet Explorer解析时可导致应用程序崩溃，通过使用Javascript aka heapspray填充内存的方法可控制堆，导致以应用程序权限执行任意指令。 Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Terminal Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Professional 目前没有解决方案提供： <a href=http://www.microsoft.com/ie/ target=_blank>http://www.microsoft.com/ie/</a>