Windows文件/目录名称处理 Shell命令注入漏洞 (MS12-048)

发布日期:2012-07-10
更新日期:2012-07-10

受影响系统:
Microsoft Windows 7
Microsoft Windows
Microsoft Windows      XP Professional
Microsoft Windows      XP Home Edition
Microsoft Windows      Vista
Microsoft Windows      Storage Server 2003
Microsoft Windows      Server 2003 Web Edition
Microsoft Windows      Server 2003 Standard Edition
Microsoft Windows      Server 2003 Enterprise Editi
Microsoft Windows      Server 2003 Datacenter Editi
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 54307
CVE ID: CVE-2012-0175

Windows Shell是Microsoft Windows中的主图形用户界面。

Microsoft Windows处理特制命令和目录名称时存在远程代码执行漏洞,成功利用后可远程执行任意代码。

<*来源:Microsoft
 
  链接:http://secunia.com/advisories/49873/
        http://www.microsoft.com/technet/security/bulletin/MS12-048.asp
*>

建议:
--------------------------------------------------------------------------------
厂商补丁:

Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS12-048)以及相应补丁:

MS12-048:Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

链接:http://www.microsoft.com/technet/security/bulletin/MS12-048.asp

相关推荐