Oracle Siebel Option Pack for IE ActiveX Control Memory Initialization Vulnerability



Published: 2010-08-06
Updated: 2010-08-09

Affected systems:
Oracle Siebel Option Pack for IE 7.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2009-3737

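Siebel Option Pack for IE is an ActiveX control provided by the Oracle Siebel CRM software.

The Siebel Option Pack for IE ActiveX control does not properly initialize memory used by the NewBusObj() method. If a user is tricked into visiting a malicious web page that calls this method with specially crafted arguments, arbitrary code may be executed.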

<*Source: Will Dormann
 
  Links: http://secunia.com/advisories/40804/
         http://www.kb.cert.org/vuls/id/174089
*>

Recommendations:
--------------------------------------------------------------------------------
Workaround:

* Save the following text as a .REG file and import it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07070bfd-c501-4899-934d-0b96a9f70795}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{07070bfd-c501-4899-934d-0b96a9f70795}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26bac093-997c-4084-bad6-c35f5d67ea99}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{26bac093-997c-4084-bad6-c35f5d67ea99}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{45874228-a445-40dc-962b-ec15559b1741}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{45874228-a445-40dc-962b-ec15559b1741}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{631F0C94-C02F-40AC-A31B-DDC39731FC81}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{631F0C94-C02F-40AC-A31B-DDC39731FC81}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{68cdb19a-6305-4589-8c35-41e3502cd451}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{68cdb19a-6305-4589-8c35-41e3502cd451}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{81a81dd2-a261-442a-b9b1-df10a2542020}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{81a81dd2-a261-442a-b9b1-df10a2542020}]
"Compatibility Flags"=dword:00000400
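
To confirm the import took effect on a host, the six CLSIDs above can be checked in both registry views for the 0x400 Compatibility Flags value (the Internet Explorer kill bit). This PowerShell check is an added example, not part of the original advisory; the helper name Get-KillBitStatus is hypothetical.

```powershell
# Added example (not part of the advisory): audit the Compatibility Flags workaround.
# Run from 64-bit PowerShell on 64-bit Windows; a 32-bit host process is
# redirected to Wow6432Node and would report the same view twice.
$Clsids = @(
    '{07070bfd-c501-4899-934d-0b96a9f70795}',
    '{26bac093-997c-4084-bad6-c35f5d67ea99}',
    '{45874228-a445-40dc-962b-ec15559b1741}',
    '{631F0C94-C02F-40AC-A31B-DDC39731FC81}',
    '{68cdb19a-6305-4589-8c35-41e3502cd451}',
    '{81a81dd2-a261-442a-b9b1-df10a2542020}'
)
$Views = [ordered]@{
    'Native' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    'WOW64'  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}
$KillBit = 0x400   # "Compatibility Flags" value written by the .REG file

function Get-KillBitStatus {   # hypothetical helper name
    param([string]$Root, [string]$Clsid)
    $key = "$Root\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) { return 'MissingKey' }
    $flags = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'MissingValue' }
    # Other flag bits may coexist; only the 0x400 bit matters here.
    if (($flags -band $KillBit) -eq $KillBit) { return 'Set' }
    return ('NotSet (0x{0:X8})' -f $flags)
}

$hasWow64 = Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node'
$report = foreach ($view in $Views.GetEnumerator()) {
    # 32-bit Windows has no Wow6432Node; skip that view instead of flagging it.
    if ($view.Key -eq 'WOW64' -and -not $hasWow64) { continue }
    foreach ($clsid in $Clsids) {
        [pscustomobject]@{
            View   = $view.Key
            Clsid  = $clsid
            Status = Get-KillBitStatus -Root $view.Value -Clsid $clsid
        }
    }
}

$report | Format-Table -AutoSize
$gaps = @($report | Where-Object { $_.Status -ne 'Set' })
if ($gaps.Count -gt 0) {
    Write-Warning ('{0} of {1} entries lack the 0x400 flag' -f $gaps.Count, @($report).Count)
}
```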

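Vendor patch:

Oracle
------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: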

http://www.oracle.com
