Oracle Siebel Option Pack for IE ActiveX Control Memory Initialization Vulnerability

Affected versions:
Oracle Siebel Option Pack for IE 7.x
Vulnerability description:
CVE ID: CVE-2009-3737

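Siebel Option Pack for IE is an ActiveX control provided by the Oracle Siebel CRM software.

The Siebel Option Pack for IE ActiveX control does not correctly initialize the memory used by the NewBusObj() method. If a user is tricked into visiting a malicious web page that calls this method with specially crafted parameters, arbitrary code execution may result.
<*References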
http://secunia.com/advisories/40804/
http://www.kb.cert.org/vuls/id/174089
*>
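Anheng security recommendation:
Using the Mingyu WEB Application Firewall is recommended to avoid the harm caused by this vulnerability.

Temporary workaround:

* Save the following text as a .REG file and import it: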

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07070bfd-c501-4899-934d-0b96a9f70795}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{07070bfd-c501-4899-934d-0b96a9f70795}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26bac093-997c-4084-bad6-c35f5d67ea99}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{26bac093-997c-4084-bad6-c35f5d67ea99}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{45874228-a445-40dc-962b-ec15559b1741}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{45874228-a445-40dc-962b-ec15559b1741}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{631F0C94-C02F-40AC-A31B-DDC39731FC81}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{631F0C94-C02F-40AC-A31B-DDC39731FC81}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{68cdb19a-6305-4589-8c35-41e3502cd451}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{68cdb19a-6305-4589-8c35-41e3502cd451}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{81a81dd2-a261-442a-b9b1-df10a2542020}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{81a81dd2-a261-442a-b9b1-df10a2542020}]
"Compatibility Flags"=dword:00000400
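
The following check is an added example, not part of the original advisory: a read-only PowerShell script that confirms the "Compatibility Flags" value written by the .REG file above (0x400, the ActiveX kill bit) is present for each listed CLSID in both registry views. The helper name Get-KillBitStatus is hypothetical; run the script from a 64-bit PowerShell session on 64-bit Windows so the native path is not redirected to Wow6432Node.

```powershell
# Added example (read-only): verify the workaround's "Compatibility Flags"
# value for every CLSID listed in the advisory's .REG file.
$KillBit = 0x400   # dword:00000400, as written by the .REG file

$Clsids = @(
    '{07070bfd-c501-4899-934d-0b96a9f70795}',
    '{26bac093-997c-4084-bad6-c35f5d67ea99}',
    '{45874228-a445-40dc-962b-ec15559b1741}',
    '{631F0C94-C02F-40AC-A31B-DDC39731FC81}',
    '{68cdb19a-6305-4589-8c35-41e3502cd451}',
    '{81a81dd2-a261-442a-b9b1-df10a2542020}'
)

$Base  = 'Microsoft\Internet Explorer\ActiveX Compatibility'
$Roots = @("HKLM:\SOFTWARE\$Base")
# The Wow6432Node (32-bit IE) view exists only on 64-bit Windows.
if ([Environment]::Is64BitOperatingSystem) {
    $Roots += "HKLM:\SOFTWARE\Wow6432Node\$Base"
}

# Get-KillBitStatus is a hypothetical helper name used for this example.
function Get-KillBitStatus {
    param([string]$Root, [string]$Clsid)
    $key   = Join-Path $Root $Clsid
    $flags = $null
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = $prop.'Compatibility Flags' }
    }
    # A missing key or value means the .REG file was never imported for this view.
    $status = if ($null -eq $flags) { 'MISSING' } elseif ($flags -band $KillBit) { 'SET' } else { 'NOT SET' }
    [pscustomobject]@{
        Clsid  = $Clsid
        View   = if ($Root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
        Flags  = if ($null -eq $flags) { '' } else { '0x{0:X8}' -f $flags }
        Status = $status
    }
}

$results = foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) { Get-KillBitStatus -Root $root -Clsid $clsid }
}
$results | Format-Table -AutoSize

# Any row that is not SET leaves the control loadable in that IE view.
$gaps = @($results | Where-Object { $_.Status -ne 'SET' })
if ($gaps.Count) { Write-Warning "$($gaps.Count) entries lack the 0x400 flag; the workaround is incomplete." }
```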

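Vendor patch

Oracle
------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software check the vendor's home page regularly to obtain the latest version: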

http://www.oracle.com