BUGTRAQ ID: 31065
CVE ID:CVE-2008-3008
CNCVE ID:CNCVE-20083008
Microsoft Windows Media Encoder 9是一款视频音频编码工具。
Microsoft Windows Media Encoder 9包含的WMEX.DLL ActiveX存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。
构建特殊的WEB页,诱使用户访问,可触发此漏洞。目前没有详细漏洞细节提供。
Microsoft Windows Media Encoder 9 x64
+ Microsoft Advanced Windows Media Plug-In for Adobe Premier 6.5 (Beta)
Microsoft Windows Media Encoder 9
+ Microsoft Advanced Windows Media Plug-In for Adobe Premier 6.5 (Beta)
可参考如下临时解决方案:
-反注册WMEX.DLL
在管理员命令行中输入如下命令:
regsvr32.exe -u "C:\Program Files\Windows Media Components\Encoder\wmex.dll"
要恢复反注册可在在管理员命令行中输入如下命令:
regsvr32.exe "C:\Program Files\Windows Media Components\Encoder\wmex.dll"
-xianzhi dui WMEX.DLL的访问:
Windows 2000, Windows XP, 和Windows Server 2003中在管理员命令行中输入如下命令:
Echo y| cacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /E /P everyone:N
在Windows Vista和Windows Server 2008中在管理员命令行中输入如下命令:
Takeown.exe /f "C:\Program Files\Windows Media Components\Encoder\wmex.dll"
Icacls.exe "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /save %TEMP%\WMEX_ACL.TXT
Icacls.exe "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /deny everyone:(F)
要恢复反注册:
Windows 2000, Windows XP, 和Windows Server 2003中在管理员命令行中输入如下命令:
cacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /E /R everyone
在Windows Vista和Windows Server 2008中在管理员命令行中输入如下命令:
icacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /grant everyone:(F)
icacls "C:\Program Files\Windows Media Components\Encoder\wmex.dll" /restore %TEMP%\WMEX_ACL.TXT
可参考如下补丁:
Microsoft Windows Media Encoder 9
Microsoft Security Update for Windows Media Encoder 9 Series for Windows 2000 (KB954156)
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=0cabfbc0-db5d target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=0cabfbc0-db5d</a> -4a6a-a4cd-e6df89ac2b25
Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2003 (KB954156)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=54ce1080-94cf target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=54ce1080-94cf</a> -4e4f-8e09-a7dbab2757c5
Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2008 (KB954156)
Windows Server 2008
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b</a> -4517-92fb-72dea0a172ec
Microsoft Security Update for Windows Media Encoder 9 Series for Windows Vista (KB954156)
Windows Vista; Windows Vista Service Pack 1
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a</a> -46f8-8245-e3d932306c93
Microsoft Security Update for Windows Media Encoder 9 Series for Windows XP
Windows XP Service Pack 2 and Windows XP Service Pack 3
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=57bcb3c2-49d3 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=57bcb3c2-49d3</a> -4f18-8d03-36abd03d7403
Microsoft Windows Media Encoder 9 x64
Microsoft Security Update for 32-bit Windows Media Encoder 9 Series for Windows Server 2003 x64 Edition (KB954
Windows Server 2003 Service Pack 2 x64 Edition; Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Standard x64 Edition
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=c83011cd-90b8 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=c83011cd-90b8</a> -494c-9cad-fa055e101992
Microsoft Security Update for 32-bit Windows Media Encoder 9 Series for Windows XP x64 Edition (KB954156)
Windows Server 2003 Service Pack 2 x64 Edition; Windows XP Professional x64 Edition
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyID=18efea9e-b103 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyID=18efea9e-b103</a> -46de-90d9-5e295854cec3
Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2003 x64 Edition (KB954156)
Windows Server 2003 Service Pack 2 x64 Edition; Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Standard x64 Edition
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=d8f1b782-136b target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=d8f1b782-136b</a> -443f-b5f2-63aa4d1fd94a
Microsoft Security Update for Windows Media Encoder 9 Series for Windows Server 2008 for x64 Edition (KB954156
Windows Server 2008
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=e30f9427-26d0 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=e30f9427-26d0</a> -4e86-b9b8-bc637c3b5734
Microsoft Security Update for Windows Media Encoder 9 Series for Windows Vista for x64-based Systems (KB954156
Windows Vista 64-bit Editions Service Pack 1; Windows Vista Business 64-bit edition; Windows Vista Enterprise 64-bit edition; Windows Vista Home Basic 64-bit edition; Windows Vista Home Premium 64-bit edition; Windows Vista Ultimate 64-bit edition
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=54d1279a-7f26 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=54d1279a-7f26</a> -4727-a39d-5505bcd4fc53
Microsoft Security Update for Windows Media Encoder 9 Series for Windows XP x64 Edition
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
<a href=http://www.microsoft.com/downloads/details.aspx?FamilyId=ebc1737c-6e78 target=_blank>http://www.microsoft.com/downloads/details.aspx?FamilyId=ebc1737c-6e78</a> -4244-a1b2-a56d031f16e9
京ICP备10040895号
暂无评论