如果攻击者可欺骗用户将特别构建的文件下载到 Windows 桌面等特定位置，Windows SearchPath 函数在远程主机上查找并打开文件的方式中的漏洞可允许攻击者执行任意代码。

The remote host is missing IE Security Update 963027.

The remote version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.

リモートホストに IE セキュリティ更新 963027 がありません。

リモートバージョンの IE は、いくつかの脆弱性の影響を受けます。これにより、攻撃者は、リモートホストで任意のコードを実行できることがあります。

Windows の SearchPath 機能がリモートホストでファイルを探して開く方法での脆弱性により、攻撃者は、ユーザーをトリックにかけて、特別に作り上げられたファイルを特定の場所（Windows のデスクトップなど）にダウンロードさせることができる場合、任意のリモートコードを実行できることがあります。

远程主机缺少 IE 安全更新 963027。

远程 IE 版本受到多个漏洞的影响，可能会允许攻击者在远程主机上执行任意代码。

The version of Safari installed on the remote host reportedly is affected by several issues :

  - An out-of-bounds memory read while handling BMP and GIF     images may lead to information disclosure     (CVE-2008-1573).

  - Safari will automatically launch executable files     downloaded from a site if that site is in an IE7 zone     with 'Launching applications and unsafe files' set to     'Enable' or an IE6 'Local intranet ' / ' Trusted sites'     zone (CVE-2008-2306).

  - There is a memory corruption issue in WebKit's     handling of JavaScript arrays that could be leveraged     to crash the application or execute arbitrary code     if visiting a malicious site (CVE-2008-2307).

  - When handling an object with an unrecognized content     type, Safari does not prompt the user before     downloading the object (aka, the 'carpet-bombing'     issue). If the download location is the Windows     Desktop (the default), this could lead to arbitrary     code execution (CVE-2008-2540).

A vulnerability in the way the Windows SearchPath function locates and opens files on the remote host could allow an attacker to execute arbitrary remote code if he can trick a user into downloading a specially crafted file into a specific location, such as the Windows Desktop.

The version of Safari installed on the remote host reportedly is affected by several issues :

  - An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure (CVE-2008-1573).
  - Safari will automatically launch executable files downloaded from a site if that site is in an IE7 zone with 'Launching applications and unsafe files' set to 'Enable' or an IE6 'Local intranet ' / ' Trusted sites' zone (CVE-2008-2306).
  - There is a memory corruption issue in WebKit's handling of JavaScript arrays that could be leveraged to crash the application or execute arbitrary code if visiting a malicious site (CVE-2008-2307).
  - When handling an object with an unrecognized content type, Safari does not prompt the user before downloading the object (aka, the 'carpet-bombing' issue). If the download location is the Windows Desktop (the default), this could lead to arbitrary code execution (CVE-2008-2540).

ID	名稱	產品	系列	已發布	已更新	嚴重性
36153	MS09-015：SearchPath 中的混合威胁漏洞可允许权限提升 (959426)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
36152	MS09-014: Cumulative Security Update for Internet Explorer (963027)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2025/5/7	high
36152	MS09-014：Internet Explorer の累積セキュリティ更新（963027）	Nessus	Windows : Microsoft Bulletins	2009/4/15	2025/5/7	high
36153	MS09-015：SearchPath での複合型脅威の脆弱性により、権限を昇格できる可能性があります（959426）	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
36152	MS09-014：Internet Explorer 累积安全更新 (963027)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2025/5/7	high
33226	Safari < 3.1.2 Multiple Vulnerabilities	Nessus	Windows	2008/6/20	2018/11/15	high
36153	MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
4556	Safari < 3.1.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	2004/8/18	2019/3/6	medium

偵測

搜尋 Plugin

high

high

high

high

high

high

high

medium