Microsoft confirms animated-cursor flaw微软正式公布动态链接(animated-cursor)漏洞
2007-03-30 15:58
681 查看
翻译不准备的地方,请大家指正,谢谢!
======
Microsoft confirms animated-cursor flaw
微软正式公布动态链接(animated-cursor)漏洞
Published: 2007-03-29
Microsoft confirmed on Thursday that attacker could take control of a user's system by exploiting a flaw in the way the company's Windows software handles animated-cursor files.
本周四,微软公司发表声明:黑客能够通过一个漏洞入侵系统,通过这个漏洞入侵者可以绕过系统直接调用动态链接文件。
Animated cursors are looping images that replace the standard pointer on Windows systems. The flaw affects how all Microsoft operating systems--including the latest versions of Windows 2000, Windows XP, Windows Server 2003 and Windows Vista--handle animated-cursor files, according to the software giant. There does not seem to be any evidence that the flaw is being used in a real-world attack, but Microsoft gave its standard rundown on the possible vectors of attack.
动态链接是循环镜像机制,在Windows系统中他用来复位标准指针。这个漏洞对几乎所有的操作系统——包括最新的操作系统Windows 2000,Windows XP,Windows Server 2003和Windows Vista,这些系统都是通过动态链接库来管理系统的。目前尚未有明显的证据表明入侵者利用这个漏洞入侵过系统,但是微软公司依然发布了这个漏洞。
"Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code," Microsoft said in its advisory. "While animated cursors typically are associated with the .ani file extension, a successful attack is not constrained by this file type."
微软的发言人表示:“通过浏览网页,预览或者阅读一些特殊的信息,或者打开Email附件,都有可能运行这些不安全代码。动态链接与.ani文件相互联系,所以黑客不仅仅可以通过动态链接入侵系统,也可以通过其他与动态链接相关的信息入侵系统。”
McAfee reported the vulnerability on Wednesday after finding a description of the flaw posted to an unidentified message board. The company later received a malicious file that used the animated-cursor vulnerability to compromise the user's system. On Windows Vista, the exploit causes the system to endlessly crash and restart, the antivirus firm said on Thursday.
McAfee在周三的系统漏洞报告中指出:公司捕获到了黑客通过动态链接漏洞攻击危及用户系统。反病毒公司表示:在Windows Vista系统中,动态链接攻击导致Vista系统崩溃并重启。
Microsoft released Internet Explorer 7 in October, significantly improving the security of the browser. While McAfee stated that the exploit affects Windows XP systems with Service Pack 2 installed running either Internet Explorer 6 or 7, Windows Vista systems run Internet Explorer 7 in protected mode and so are not affected, Microsoft said.
在10月份即将推出的IE 7浏览器时,微软公司主要强调这个版本浏览器的安全性。然而McAfee表示安装了IE 6或IE 7 Windows XP SP2的系统依然会受攻击。但是微软公司声明在Windows Vista系统中运行IE 7将不会受到动态链接攻击。
Microsoft stated that the company would have to issue a security update to patch the issue.
微软公司表示为了系统的安全,用户需尽快更新他们的安全补丁。
======
Microsoft confirms animated-cursor flaw
微软正式公布动态链接(animated-cursor)漏洞
Published: 2007-03-29
Microsoft confirmed on Thursday that attacker could take control of a user's system by exploiting a flaw in the way the company's Windows software handles animated-cursor files.
本周四,微软公司发表声明:黑客能够通过一个漏洞入侵系统,通过这个漏洞入侵者可以绕过系统直接调用动态链接文件。
Animated cursors are looping images that replace the standard pointer on Windows systems. The flaw affects how all Microsoft operating systems--including the latest versions of Windows 2000, Windows XP, Windows Server 2003 and Windows Vista--handle animated-cursor files, according to the software giant. There does not seem to be any evidence that the flaw is being used in a real-world attack, but Microsoft gave its standard rundown on the possible vectors of attack.
动态链接是循环镜像机制,在Windows系统中他用来复位标准指针。这个漏洞对几乎所有的操作系统——包括最新的操作系统Windows 2000,Windows XP,Windows Server 2003和Windows Vista,这些系统都是通过动态链接库来管理系统的。目前尚未有明显的证据表明入侵者利用这个漏洞入侵过系统,但是微软公司依然发布了这个漏洞。
"Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code," Microsoft said in its advisory. "While animated cursors typically are associated with the .ani file extension, a successful attack is not constrained by this file type."
微软的发言人表示:“通过浏览网页,预览或者阅读一些特殊的信息,或者打开Email附件,都有可能运行这些不安全代码。动态链接与.ani文件相互联系,所以黑客不仅仅可以通过动态链接入侵系统,也可以通过其他与动态链接相关的信息入侵系统。”
McAfee reported the vulnerability on Wednesday after finding a description of the flaw posted to an unidentified message board. The company later received a malicious file that used the animated-cursor vulnerability to compromise the user's system. On Windows Vista, the exploit causes the system to endlessly crash and restart, the antivirus firm said on Thursday.
McAfee在周三的系统漏洞报告中指出:公司捕获到了黑客通过动态链接漏洞攻击危及用户系统。反病毒公司表示:在Windows Vista系统中,动态链接攻击导致Vista系统崩溃并重启。
Microsoft released Internet Explorer 7 in October, significantly improving the security of the browser. While McAfee stated that the exploit affects Windows XP systems with Service Pack 2 installed running either Internet Explorer 6 or 7, Windows Vista systems run Internet Explorer 7 in protected mode and so are not affected, Microsoft said.
在10月份即将推出的IE 7浏览器时,微软公司主要强调这个版本浏览器的安全性。然而McAfee表示安装了IE 6或IE 7 Windows XP SP2的系统依然会受攻击。但是微软公司声明在Windows Vista系统中运行IE 7将不会受到动态链接攻击。
Microsoft stated that the company would have to issue a security update to patch the issue.
微软公司表示为了系统的安全,用户需尽快更新他们的安全补丁。
相关文章推荐
- 微软Microsoft正式在欧洲与中东销售其酷炫多点触摸产品---Surface
- WannaCry蠕虫(CVE-2017-11780漏洞)不同系统版本微软官方补丁编号-参考链接
- 动态光标(ANI)安全漏洞 -- 微软紧急安全公告
- 动态光标(ANI)安全漏洞 -- 微软紧急安全公告
- 谷歌工程师再度公布Windows漏洞 称微软难合作
- 微软谴责谷歌公布 Windows 漏洞:不厚道!
- 动态光标(ANI)安全漏洞 -- 微软紧急安全公告
- 微软正式提供Visual Studio 2013正式版下载(附直接链接汇总)
- 微软正式提供Visual Studio 2013正式版下载(附直接链接汇总)
- 微软正式提供Visual Studio 2013正式版下载(附直接链接汇总)
- 微软官方WINDOWS 10部署资料链接地址:Deploy Windows 10 with the Microsoft Deployment Toolkit
- 谷歌工程师再次公布Windows漏洞 并称微软很难合作
- 微软正式提供Visual Studio 2013正式版下载(附直接链接汇总)
- 动态光标(ANI)安全漏洞 -- 微软紧急安全公告
- 微软或将在来年二月正式公布Project Natal
- 微软企业库Microsoft Enterprise Library的相关文章链接
- 微软于周一正式公布了下一个版本的SharePoint服务器版本的初步系统要求
- 微软正式提供Visual Studio 2013正式版下载(附直接链接汇总)
- 动态光标(ANI)安全漏洞 -- 微软紧急安全公告
- 微软公布SharePoint漏洞 可导致应用突然关闭