名称: Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability Name: Microsoft Plus! 98 Windows ME Password Disclosure Vulnerability
类型: 设计错误 Type: design errors
发布日期: 2001-4-3 Release Date: 2001-4-3
影响系统: Microsoft Plus! 98 Affect the system: Microsoft Plus! 98
- Microsoft Windows 98se - Microsoft Windows 98se
- Microsoft Windows 98 - Microsoft Windows 98
Microsoft Windows ME Microsoft Windows ME
描述: Plus! 98是用于Win98和Win98第二版的一个附加包。 Description: Plus! 98 is the Win98 and Win98 Second Edition for an additional package. Plus! 98和Windows ME提供了一个可选的特性,即用密码来保护压缩目录。 Plus! 98 and Windows ME provides an optional feature, which uses a password to protect the compression directory. 由于该密码保存在系统的一个文件(c:\windows\dynazip.log)中,因此能够从物理上访问机器的攻击者就可以读取密码并访问系统中用该密码保护的压缩目录。 Since the password is stored in a file system (c: \ windows \ dynazip.log), so that physical access to the machine the attacker can read the password and access the system using the password-protected compressed directory.
解决方法: 微软已经针对此漏洞开发了补丁程序,下载地址 Solution: Microsoft has developed a patch for this vulnerability, download address
Microsoft Plus! 98 : Microsoft Plus! 98:
Microsoft patch 252694usa8 Microsoft patch 252694usa8
http://download.microsoft.com/download/win98/update/14715/w98/en-us/252694usa8.exe http://download.microsoft.com/download/win98/update/14715/w98/en-us/252694usa8.exe
Microsoft Windows ME: Microsoft Windows ME:
Microsoft patch 252694usam Microsoft patch 252694usam
http://download.microsoft.com/download/winme/update/14715/winme/en-us/252694usam.exe http://download.microsoft.com/download/winme/update/14715/winme/en-us/252694usam.exe
临时方法: 建议从c:\windows\dynazip.log中删除dynazip.log文件 Temporary method: It is recommended from c: \ windows \ dynazip.log files deleted dynazip.log
Tidak ada komentar:
Posting Komentar