Multiple Buffer Overflow Vulnerabilities in Adobe Form Designer and Form Client

 
Affected systems:
Adobe Form Designer/Client 5.0
Description:
——————————————————————————–
BUGTRAQ ID: 28210
CVE(CAN) ID: CVE-2007-6253

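Adobe Form Designer is a member of the Adobe Designer product family, used to automatically generate forms and to capture and process data.

Adobe Form Designer and its client provide several ActiveX controls. Buffer overflow vulnerabilities exist in the Adobe File Dialog Button control provided by the FileDlg.dll library and in the Adobe Copy to Server object provided by the SvrCopy.dll library. If a user is tricked into visiting a malicious web page, these overflows can be triggered, leading to arbitrary code execution.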

<*Source: Will Dormann

Links: http://secunia.com/advisories/29330/
http://www.kb.cert.org/vuls/id/362849
http://www.adobe.com/support/security/bulletins/apsb08-09.html
*>

Recommendations:
——————————————————————————–
Temporary workaround:

* Disable the Adobe Form ActiveX controls in IE by setting the kill bit for the following CLSIDs:

{00A2A192-4929-11D1-BA6C-080009D7FAD2}
{D10E546F-3AF9-11D1-BA6C-080009D7FAD2}

Alternatively, save the following text as a .REG file and import it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A2A192-4929-11D1-BA6C-080009D7FAD2}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D10E546F-3AF9-11D1-BA6C-080009D7FAD2}]
"Compatibility Flags"=dword:00000400
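
A .REG file only applies the kill bit if each key path and value line is exact, so the workaround is worth checking before rollout. The following is an added example, not part of the original advisory: it audits .REG text for the two CLSIDs above, and the names `audit_reg`, `SAMPLE_REG` and `MANGLED_REG` and both sample files are constructed for illustration.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" value the advisory sets
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
CLSIDS = ("{00A2A192-4929-11D1-BA6C-080009D7FAD2}",
          "{D10E546F-3AF9-11D1-BA6C-080009D7FAD2}")
SECTION = re.compile(r"^\[(.+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def audit_reg(text, clsids=CLSIDS):
    """Map each CLSID to 'set', 'not set' or 'missing' for a .REG file's text."""
    result = {c.upper(): "missing" for c in clsids}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            # Accept only the exact ActiveX Compatibility parent key: a path
            # with stripped backslashes never reaches this key.
            current = None
            m = SECTION.match(line)
            if m:
                parent, _, leaf = m.group(1).rpartition("\\")
                if parent.upper() == COMPAT_KEY.upper() and leaf.upper() in result:
                    current = leaf.upper()
            continue
        m = FLAGS.match(line)
        if m and current:
            # Other flag bits may be present; only bit 0x400 is the kill bit.
            flags = int(m.group(1), 16)
            result[current] = "set" if flags & KILL_BIT else "not set"
    return result

# Constructed samples (not taken from any real export).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00A2A192-4929-11D1-BA6C-080009D7FAD2}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D10E546F-3AF9-11D1-BA6C-080009D7FAD2}]
"Compatibility Flags"=dword:00000020
'''
# Same file after a copy/paste that lost backslashes and straight quotes.
MANGLED_REG = SAMPLE_REG.replace("\\", "").replace('"', "\u201c")

if __name__ == "__main__":
    for name, sample in (("sample", SAMPLE_REG), ("mangled", MANGLED_REG)):
        print(name, audit_reg(sample))
```
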

Vendor patches:

Adobe
—–
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:

http://download.adobe.com/pub/adobe/server/formclient/win/p_des_5_0_5990.zip
http://download.adobe.com/pub/adobe/server/formclient/win/p5_0_5990.zip

Multiple Cross-Site Scripting and Ineffective Logging Vulnerabilities in Adobe ColdFusion

 
Affected systems:
Adobe ColdFusion MX 7.02
Adobe ColdFusion MX 7.01
Adobe ColdFusion MX 7.00
Adobe ColdFusion 8
Description:
——————————————————————————–
BUGTRAQ ID: 28205,28207
CVE(CAN) ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203

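ColdFusion MX is an efficient web application server development environment that offers high ease of use and development productivity. It is based on standard Java technology and integrates with XML, Web Services and Microsoft .NET environments.

If a ColdFusion application's Application.cfm or Application.cfc contains the setEncoding function, a remote attacker can perform cross-site scripting attacks by submitting malicious requests.

ColdFusion returns certain CGI variables to the user without properly filtering them, which allows a remote attacker to perform cross-site scripting by tampering with the User Agent, injecting and executing arbitrary HTML and script code in the user's browser session.

ColdFusion does not log failed login attempts to the administration interface, which may make it easier for an attacker to carry out brute-force guessing attacks.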

<*Source: Shigeyoshi Muraoka

Links: http://secunia.com/advisories/29332/
http://www.adobe.com/support/security/bulletins/apsb08-06.html
http://www.adobe.com/support/security/bulletins/apsb08-07.html
http://www.adobe.com/support/security/bulletins/apsb08-08.html
*>

Recommendations:
——————————————————————————–
Vendor patches:

Adobe
—–
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:

http://www.adobe.com/support/coldfusion/ts/documents/kb403212/hf702-70734.zip
http://www.adobe.com/support/coldfusion/ts/documents/kb403070/chf8000003.zip
http://www.adobe.com/support/security/bulletins/downloads/CF8_APSB08-0_8.zip
http://www.adobe.com/support/security/bulletins/downloads/CFMX7_APSB08_-08.zip

Instructor: Ren Yitao

20041050098

Choose one of the two topics

1. One day life at campus

2. An interesting thing I remembered at campus

I chose topic 2 and scored 91.

An interesting thing I remembered at campus

        The interesting thing I remembered at campus is watching “The Lord of the Rings”.

        It happened when I was in grade one in college. I was a new student on the campus. I was curious about everything. A new man needn’t do many things, so I always had a lot of spare time. Occasionally, I saw a notice that said the movie “The Lord of the Rings” was being shown every Sunday night from 19:00 to 22:00. I went there on time.

        I was surprised that there were only a couple of students. I had thought that there would be so many students that I would have to sit at the back. I took my seat in the front. The movie had already begun. What impressed me was not the movie, but the environment. I had watched the movie on TV before. It was a good movie that I still like. But the environment really gave me more than I expected. The silent room, few people, gloomy light, the big screen and the perfect sound effects. It brought me into the middle land and into the legend.

        I enjoyed it and went there every Sunday night. It never let me down. Till now, I still cannot forget that environment. It has been stored in my brain like a brilliant art.