2009年漏洞最多的10款知名软件 开源浏览器占半
时间:2009-12-27 来源:linux论坛
近岁末,资讯网站Zdnet评出了2009年被发现漏洞最多的十个软件产品,Adobe轻松包揽前三名;此外,榜上的其他产品大家也不陌生:Firefox、Java;不过大家所熟悉的IE、Windows系统、Office等微软系列并不在该项榜单中。
1、Adobe Reader
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/yGVYRUm0oN45zQOvM1aFsbP26uDglELr.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(1)
Adobe是一款应用十分广泛的办公软件,包含多个功能强大的应用组件。提到漏洞,人们经常首先想到的是Adobe。今年发现的漏洞 有:Adobe Reader可以直接用浏览器点击网页上的PDF文档,并在浏览器的窗口中打开该文档,被挂马集团利用;DoS拒绝服务式攻击、缓冲区溢出问题等。
2、Adobe Flash Player
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/msuHG4ZpNr9lWQYqyafedbA2IwMC3USx.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(2)
排在第二位的是Adobe Flash Player。黑客正在利用新版Adobe Flash Player的漏洞向用户发起攻击,这种漏洞可以让黑客获得对用户电脑的完全控制权,并伪造一个1.1KB的Flash视频文件进行攻击。
3、Adobe Shockwave
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/KIoYVry6CStgLU4x3BwQbOkDhiPm1TWJ.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(3)
与上述两个产品类似,Adobe Shockwave中的漏洞会导致用户被远程控制、自动下载恶意代码。
4、Firefox
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/a9SWt40I1Jkmns3coUer8lD75LTxQgh2.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(4)
Firefox是著名的开源浏览器,也是黑客攻击的主要目标之一。今年共发现102个漏洞。在Firefox 3.0.15和3.5.4之前的版本中,未能很好的处理好下载文件的统一字符码。
5、Sun Java
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/i6DxPJgSa0ZyBl3HsNG8XpofU9mThLMz.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(5)
今年,Java开发工具包和运行环境5.0和6.0分别修复了22、17个漏洞。通常攻击者利用浏览器恶意代码就能轻松进入系统,被入侵的一个明显特征是扩展的指令指针被设置为0x41424344。
6、Opera 9.6
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/Ua7cftQBOMNnSr53kdAjuDeFVYoP4bsG.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(6)
另一款知名浏览器Opera尽管全球范围内的用户数量并不多(不足2%),但是Opera对于现代浏览器的推动作用不容忽视,正是Opera首 创了许多特色功能(鼠标手势等)逐步被其他产品借鉴吸收。在Opera 9.6版本中攻击者可以通过执行JPEG图像进行内存破坏活动。
最新的Opera 10.5采用号称最快的渲染引擎,也更加注重安全性。
7、Apple QuickTime
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/rFEhg9KP5QtzG0RiTobqdxfcyp7uLlXj.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(7)
苹果针对QuickTime7.6接连发布了数次缓冲区溢出及处理异常漏洞高危通知,黑客利通图形或者视频文件格式有关的漏洞欺骗用户打开恶意文件。用户在播放AVI格式的文件时要尤其注意。
8、RealNetworks RealPlayer
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/dJkXPq0mHExSlDLrKvCAb9y3WU8M64Fa.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(8)
RealPlayer 11中的DLL文件允许IVR视频文件执行远程控制代码,恶意代码在Windows中隐藏起来,给用户带来潜在的威胁。
9、Safari
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/rW8ZRsTnPLcx5tI2k6fYMqmoEjHJXuCg.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(9)
Safari是苹果旗下的浏览器产品,随着Mac机和iPhone的逐渐升温针对它们的攻击也越来越多。今年Safari接连出现多个域名错误、缓冲溢出等问题。
10、Trillian
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/4LV0TMJr3oufm8AG7Fgpzy5PxblZcKOX.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(10)
Trillian是国外较为流行的Windows即时消息服务,该软件3.1.9版被发现存在多个漏洞,包括tooltip代码、XML标签存在缺陷。
新闻来自:Zdnet,NewHua
1、Adobe Reader
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/yGVYRUm0oN45zQOvM1aFsbP26uDglELr.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(1)
Adobe是一款应用十分广泛的办公软件,包含多个功能强大的应用组件。提到漏洞,人们经常首先想到的是Adobe。今年发现的漏洞 有:Adobe Reader可以直接用浏览器点击网页上的PDF文档,并在浏览器的窗口中打开该文档,被挂马集团利用;DoS拒绝服务式攻击、缓冲区溢出问题等。
2、Adobe Flash Player
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/msuHG4ZpNr9lWQYqyafedbA2IwMC3USx.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(2)
排在第二位的是Adobe Flash Player。黑客正在利用新版Adobe Flash Player的漏洞向用户发起攻击,这种漏洞可以让黑客获得对用户电脑的完全控制权,并伪造一个1.1KB的Flash视频文件进行攻击。
3、Adobe Shockwave
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/KIoYVry6CStgLU4x3BwQbOkDhiPm1TWJ.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(3)
与上述两个产品类似,Adobe Shockwave中的漏洞会导致用户被远程控制、自动下载恶意代码。
4、Firefox
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/a9SWt40I1Jkmns3coUer8lD75LTxQgh2.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(4)
Firefox是著名的开源浏览器,也是黑客攻击的主要目标之一。今年共发现102个漏洞。在Firefox 3.0.15和3.5.4之前的版本中,未能很好的处理好下载文件的统一字符码。
5、Sun Java
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/i6DxPJgSa0ZyBl3HsNG8XpofU9mThLMz.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(5)
今年,Java开发工具包和运行环境5.0和6.0分别修复了22、17个漏洞。通常攻击者利用浏览器恶意代码就能轻松进入系统,被入侵的一个明显特征是扩展的指令指针被设置为0x41424344。
6、Opera 9.6
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/Ua7cftQBOMNnSr53kdAjuDeFVYoP4bsG.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(6)
另一款知名浏览器Opera尽管全球范围内的用户数量并不多(不足2%),但是Opera对于现代浏览器的推动作用不容忽视,正是Opera首 创了许多特色功能(鼠标手势等)逐步被其他产品借鉴吸收。在Opera 9.6版本中攻击者可以通过执行JPEG图像进行内存破坏活动。
最新的Opera 10.5采用号称最快的渲染引擎,也更加注重安全性。
7、Apple QuickTime
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/rFEhg9KP5QtzG0RiTobqdxfcyp7uLlXj.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(7)
苹果针对QuickTime7.6接连发布了数次缓冲区溢出及处理异常漏洞高危通知,黑客利通图形或者视频文件格式有关的漏洞欺骗用户打开恶意文件。用户在播放AVI格式的文件时要尤其注意。
8、RealNetworks RealPlayer
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/dJkXPq0mHExSlDLrKvCAb9y3WU8M64Fa.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(8)
RealPlayer 11中的DLL文件允许IVR视频文件执行远程控制代码,恶意代码在Windows中隐藏起来,给用户带来潜在的威胁。
9、Safari
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/rW8ZRsTnPLcx5tI2k6fYMqmoEjHJXuCg.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(9)
Safari是苹果旗下的浏览器产品,随着Mac机和iPhone的逐渐升温针对它们的攻击也越来越多。今年Safari接连出现多个域名错误、缓冲溢出等问题。
10、Trillian
screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onmouseover="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.style.cursor='hand'; this.alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" onclick="if(!this.resized) {return true;} else {window.open('http://images.lampchina.net/news/11/4LV0TMJr3oufm8AG7Fgpzy5PxblZcKOX.jpg');}" onmousewheel="return imgzoom(this);" alt="" />
图(10)
Trillian是国外较为流行的Windows即时消息服务,该软件3.1.9版被发现存在多个漏洞,包括tooltip代码、XML标签存在缺陷。
新闻来自:Zdnet,NewHua
相关阅读 更多 +
