新浪微博桌面音乐盒设计缺陷导致崩溃

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-07020

漏洞标题：新浪微博桌面音乐盒设计缺陷导致崩溃

漏洞作者： wdlei

提交时间：2012-05-12 21:58

修复时间：2012-05-17 21:59

公开时间：2012-05-17 21:59

漏洞类型：设计错误/逻辑缺陷

危害等级：低

自评Rank：5

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2012-05-12：细节已通知厂商并且等待厂商处理中
2012-05-17：厂商已经主动忽略漏洞，细节向公众公开
简要描述：

由于新浪微博桌面音乐盒设计缺陷导致可以使新浪微博桌面崩溃。
详细说明：

登录新浪微博桌面客户端后打开微博桌面音乐盒在没有选定是哪首歌曲时直接拉进播放进度到后面导致微博桌面程序崩溃。
不懂报哪只好往这上报了。
漏洞证明是通过截取上报的错误信息数据包获取的。
漏洞证明：

POST /imReport/winweibo HTTP/1.1
Host: report.im.weibo.com
Accept: */*
Content-Length: 64229
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------7c32c2f663d6
HTTP/1.1 100 Continue
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................c...............c.........L...........~..w....................@.g.@.g.....@.g.........@.g.@.g.@.g...................................c......................0c..'............................b.................(lc.H...........<...(...
.....................................................................b.....,.c.....,.c.............................................X.c.....................
.................c.............................................(.e.....@lc..H.......................................................................................................................................
c...........................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e......................................................................................................................N........................................c.........................P.....................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e.........................................................................................................
...
.................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................................................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................................................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.....
------------------------------7c32c2f663d6
Content-Disposition: form-data; name="content"
[{"cip":"","errorCode":"C0001","errortype":"C","filename":"Weibo20120512142614_1.9.0.24196.dmp","netenv":"","server":"","time":"20120512T142802.531250","uid":"2293213630","userevn":"","usersuggest":""}]
------------------------------7c32c2f663d6
Content-Disposition: form-data; name="uid"
2293213630
------------------------------7c32c2f663d6
Content-Disposition: form-data; name="version"
1.9.0.24196
------------------------------7c32c2f663d6
Content-Disposition: form-data; name="file"; filename="Weibo20120512142614_1.9.0.24196.dmp"
Content-Type: image/jpeg
MDMP..(Q.... ..........O............4...x...................$...q...................8................................................k..........(
.......3......AuthenticAMD........................~..O................................................?..................................................................................J......X.......O.....#...................2Y......................................0............[..........................P.!..................^..\
........................;.....(...u........a..................................,...........bd..........................t.1..................g...
...............p......x...........U........i...
...............`...........................l..8............................................o............................A.................^r..\................P..........................*u...................0......x.g..................w..4................@........W..................z..P.......................8.x......
..-........}..@...........................................Z...P.......................,.7.................&... .......................P.G......
..............|.......................P.g......
..e...........o.....@..........L.....O.3...............^.......^..............................a..................................|.....`..).
....M.3................(
......(
?..........................."..................................|........~......I>4................(
......(
?...........................%...
........................................y....yN.4......................................................Q...2.............................D.........L....t.L.4..........................?..............................................................q...............HR5................(
......(
?...........................$..................................q.....p.........H.5................(
......(
?...........................#..................................w......
......
.I.5..............{.(
....{.(
?...........................%..................................w.....0...C..\.hL.6................(
......(
?...........................#..................................w.........Z..R4CJ`6................(
......(
?...........................$..................................w............?..H.6................(
.......!?...........................#...6..............................q........2......H.6................(
......(
?...........................$...Y..............................w........!m..0p.I*7..............B.(
....B.(
?..........................."...}..............................w........!......Hj7................(
......(
?...........................#.................................Rx.....0
...
.yLYJ.7..............4..x....4..x?...........................).................................Y}.....@..\.....9Mv8................T.......T.?...........................$..................................w.....`..K......K.8................T.......T.?...........................$.................................Hx............~LYJ.8..............4..x....4..x?...........................)...3..............................w...............H.9................(
......(
?...........................$...\.............................;..............Q.N.:......................................................c..................................h......
...
....Hr:................(
......(
?...........................$.................................>.........z......O.:...............*......................................e.................................U......P......k..O.;...............)......................................k...l.............................Y..........p...B.O.;......................................................[.................................[.........(M.....L.;........................................................................................^.........?...%.&MJ<..........................?..............................................................v...............H.<................(
......(
?...........................$...2.............................c.........-
...u.L.=..........................?..............................................................x......:. .:.JmYJj=..............4..x....4..x?...........................(...V..............................w.....0..rk....rL2>................T.......T.?...........................S...~............................./v.....P.........H.?................(
......(
?...........................$..................................v........O4...K@L^?..............z.(
....z.(
?...........................".................................g.........g.....OO.?..........................?.............................................................k...............&M.@......................................................_.................................m...............JOv@...............D..........?...........................c.................................0v...............H.@................(
......(
?..........................."...q..............................w........4......M.A................(
......(
?...........................%..................................J......... ..i1.LbA...............Wr......Wr.?...........................$..................................b.........~.....H:B................(
......(
?........................... ..................................s........fT..!..KvB..............Q.(
....Q.(
?..........................."..................................Z.....p.........H.B................T.......T.?...........................$.................................6]........yD.....H.B.................x.......x?.............................................................ht...............H.C................(
......(
?..........................."...B.............................ds.........[..mr.I.D................(
......(
?...........................%...d.............................*.........Ex....&MLD......................................................Z..................................h.....`..x...$..G.D................(
......(
?...........................#.................................a...... ..V......O.D..............eZ......eZ..............................d.................................g...... 
...
.Y..ORE...............:......................................f...j.............................r..........d..R..O.E......................................................q.................................v.........Ep...vPO0F......................................................Y...A.............................z.............K..O.F......................................................i..................................v...............H.F................(
......(
?...........................%.................................hv.....`
...
..!MOBG..............5.T.....5.T.?...........................$...(.............................^v.....0.........H.G................(
......(
?...........................$...L..............................v..... ...F.....J.G................(
......(
?...........................#...p.............................a......@......tF.O.H......................................................^.................................m.............q..OtH...............,......................................e.................................p......p.........O.H......................................................g...V.............................z......p.........O8I......................................................a........................................p.........O.I...............8.......8..?...........................h...........................................,...UF.O.I......................................................b...........................................>@.....OfJ..........................?...........................b..................................v........]......H.J................(
......(
?..........................."...J........................................"..E..O.K...............8.......8..?...........................c...l.......................................{......O\K...............8.......8..?...........................d.........................c...............c.........L...........~..w....................@.g.@.g.....@.g.........@.g.@.g.@.g...................................c......................0c..'............................b.................(lc.H...........<...(...
.....................................................................b.....,.c.....,.c.............................................X.c.....................
.................c.............................................(.e.....@lc..H.......................................................................................................................................
c...........................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e......................................................................................................................N........................................c.........................P.....................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e.........................................................................................................
...
.................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................................................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................................................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.....
9.0...d.l.l...b...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.I.c.o.n.M.a.g.r._.V.C.9.0...d.l.l...`...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.U.I.F.r.a.m.e._.V.C.9.0...d.l.l...:...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.i.m.m.3.2...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.o.l.e.a.u.t.3.2...d.l.l.......C.:.\.W.I.N.D.O.W.S.\.W.i.n.S.x.S.\.x.8.6._.M.i.c.r.o.s.o.f.t...W.i.n.d.o.w.s...G.d.i.P.l.u.s._.6.5.9.5.b.6.4.1.4.4.c.c.f.1.d.f._.1...0...6.0.0.2...2.2.5.0.9._.x.-.w.w._.c.7.d.a.d.0.2.3.\.G.d.i.P.l.u.s...d.l.l...6...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.l.p.k...d.l.l...:...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.u.s.p.1.0...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.u.x.t.h.e.m.e...d.l.l.......C.:.\.W.I.N.D.O.W.S.\.W.i.n.S.x.S.\.x.8.6._.M.i.c.r.o.s.o.f.t...V.C.9.0...M.F.C.L.O.C._.1.f.c.8.b.3.b.9.a.1.e.1.8.e.3.b._.9...0...3.0.7.2.9...1._.x.-.w.w._.b.0.d.b.7.d.0.3.\.m.f.c.9.0.c.h.s...d.l.l...:...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.M.S.C.T.F...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.M.S.C.T.F.I.M.E...I.M.E...`...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.A.p.p.C.o.r.e._.V.C.9.0...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.r.s.a.e.n.h...d.l.l...X...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.R.e.s.o.u.r.c.e...d.l.l...\...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.f.s.m.N.e.t.w.o.r.k...d.l.l...v...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.U.s.e.r.I.n.f.o.C.o.l.l.e.c.t.i.o.n._.V.C.9.0...d.l.l...^...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.l.i.b.I.P.C._.V.C.9.0...d.l.l...b...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.W.e.i.b.o.S.D.K._.V.C.9.0...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.i.p.h.l.p.a.p.i...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.w.i.n.i.n.e.t...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.c.r.y.p.t.3.2...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.m.s.a.s.n.1...d.l.l...b...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.x.m.p.p.C.o.r.e._.v.c.9.0...D.L.L...Z...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.d.a.t.a.C.a.c.h.e...d.l.l...^...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.W.e.i.b.o.P.o.l.i.c.y...d.l.l...R...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.T.h.e.m.e...d.l.l...`...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.F.i.l.e.T.r.a.n.s.f.e.r...d.l.l...j...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.g.t...f.i.l.e.t.r.a.n.s._.v.c.9.0...d.l.l...T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.M.s.g.B.o.x...d.l.l...:...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.w.i.n.m.m...d.l.l...V...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.S.e.t.t.i.n.g...d.l.l...X...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.M.a.i.n.P.a.g.e...d.l.l...b...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.P.i.c.t.u.r.e.V.i.e.w.e.r...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.c.o.m.d.l.g.3.2...d.l.l...V...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.A.p.p.M.a.i.n...d.l.l...P...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.F.a.c.e...d.l.l...Z...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.I.M.A.p.p.C.o.r.e...d.l.l...X...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.w.W.i.n.d.o.w.s...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.r.i.c.h.e.d.2.0...d.l.l...T...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.I.M.D.a.t.a...d.l.l...X...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.w.e.i.b.o...T.C...d.l.l...V...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.T.r.a.y.M.s.g...d.l.l...b...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.M.u.l.t.i.U.s.e.r.C.h.a.t...d.l.l...^...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.M.e.d.i.a.P.l.a.y.e.r...d.l.l...d...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.M.e.d.i.a.C.o.r.e._.V.C.9.0...d.l.l...:...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.i.k.u.t.m...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.m.s.w.s.o.c.k...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.h.n.e.t.c.f.g...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.w.s.h.t.c.p.i.p...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.d.n.s.a.p.i...d.l.l...X...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.S.i.n.a.\.W.e.i.b.o.\.B.i.n.\.W.B.r.o.w.s.e.r...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.u.r.l.m.o.n...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.c.l.b.c.a.t.q...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.c.o.m.r.e.s...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.s.h.d.o.c.v.w...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.c.r.y.p.t.u.i...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.n.e.t.a.p.i.3.2...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.w.i.n.t.r.u.s.t...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.i.m.a.g.e.h.l.p...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.r.a.s.a.d.h.l.p...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.s.e.t.u.p.a.p.i...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.s.h.d.o.c.l.c...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.x.p.s.p.2.r.e.s...d.l.l...:...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.m.l.a.n.g...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.m.s.h.t.m.l...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.m.s.l.s.3.1...d.l.l...:...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.p.s.a.p.i...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.a.s.y.c.f.i.l.t...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.M.S.I.M.T.F...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.u.s.e.r.e.n.v...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.j.s.c.r.i.p.t...d.l.l...6...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.s.x.s...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.a.p.p.h.e.l.p...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.w.i.n.r.n.r...d.l.l...>...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.n.t.m.a.r.t.a...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.s.a.m.l.i.b...d.l.l...@...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.s.c.h.a.n.n.e.l...d.l.l...<...C.:.\.W.I.N.D.O.W.S.\.s.y.s.t.e.m.3.2.\.d.s.s.e.n.h...d.l.l...?..........................................J..X...O.#..................%...?.......................................?.........@..................;...#...#.............I.........................F.......#........................................................%...?...............................................................?...............@..............................................................................................2293213630..........................................................d..........|....0...A..|.
..]..|h.......4...........................a..|h............N.|...............|@.......A..|....]..|....@...4..........|.l.w|.......0....C.w....|...........p.....Y}.C.w..Y}........|...|...?...................................................#..................%...?.......................................?.........@..................;...#...#....O...N...N.....|......#........|....F.......#........................................................%...?...............................................................?...............@..............................................................................................2293213630..........................................................d..........|....0...A..|.
..]..|h.......4...........................a..|h............N.|...............|@.......A..|....]..|....@...4..........|.l.w|.......0....C.w....|...........p.....Y}.C.w..Y}........|...|...?............................... .......'.....\..L{..... ..|(..|..T.......".x.............p... .....(..|..tr.K..................................;...#...#...........|.!.z....W........!....|....F...T.!.#..... ....|....................8... ..|(..|...."..|T......."..|....x...........,.......p... ..|-.......(..|........................c...............c.........L...........~..w....................@.g.@.g.....@.g.........@.g.@.g.@.g...................................c......................0c..'............................b.................(lc.H...........<...(...
.....................................................................b.....,.c.....,.c.............................................X.c.....................
.................c.............................................(.e.....@lc..H.......................................................................................................................................
c...........................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e......................................................................................................................N........................................c.........................P.....................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e.........................................................................................................
...
.................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................................................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................................................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.....
.|...|P...............<..|....D....|.|...|...|.............|.|t..|Q|.|..Rx.C..........8j%.?...........................................................p... ....."..|...... ...H].4.|......:...$.....H].|..................................;...#...#......wX......w........^4Tx4......|....F.......#...............................,.......p... ..|(..|...."..|...|...|.... ...H].|:....4.|........;}.|:...$......|.H.|H].|........8..............|...|...............|...|.........|.|...|:...4...4...:....|.|t..|Q|.|.m......6..|...."..|...|.4.|........P......|"..|8...8.......^.....%..2.|..RtlDecodePointer...4.Z\...h...\.......p....4.Z.............5.Z................ ..|X|.|....Q|.|.~.|...|.....m..P...............T..............|...|................<..|.........|.|...|...|P...P...V....|.|t..|Q|.|..Rx.C...........j%.?............................................................... ....."..|...%I. ...H].4.|....L.....$.....H].|................$.......\.........;...#...#............C......xs...h....7....|....F...0.7.#........................................... ..|(..|...."..|...|...|.%I. ...H].|.....4.|....L...;}.|....$......|.H.|H].|.......................|...|$.......\......|...|.........|.|...|.................|.|t..|Q|.|.m..\...6..|........ ..|.4.|...............|.%I.............^.....%..2.|..RtlDecodePointer......................?.............G..u...u......t....u..$... ..|X|.|....Q|.|.~.|...|\....m.................................|...|@.......x.......<..|....4....|.|...|...|.............|.|t..|Q|.|..Rx.C...........l%.?............................................................... ....."..|...%I. ...H].4.|....L.....$.....H].|................$.......\.........;...#...#...........|.G...G...G...G...G....|....F...T.G.#........................................... ..........."..|.........%I. ...H].......4.|....L...........$...........H].|............................$.......\..........|.........|.|...|.................|.|t..|Q|.|.m..\...6..|........ ..|.4.|...............|.%I.............^.....%..2.|..RtlDecodePointer......................?.............G..u...u......t....u..$... ..|X|.|....Q|.|.~.|...|\....m.................................|...|@.......x.......<..|....4....|.|...|...|.............|.|t..|Q|.|..Rx..G..........l%.?.............................................................G. ....."..|...... ...H].4.|....P...G.$.....H].|................(.G.....`.........;...#...#...........|.g.X.G.X.G.(NG...g....|....F...T.g.#.........................................G. ..........."..|............ ...H].......4.|....P.........G.$...........H].|............................(.G.....`..........|......G..|.|...|..G...G...G...G..|.|t..|Q|.|.m..`.G.6..|..G...G. ..|.4.|...."..|..G....|......G...G.....^.....%..2.|..RtlDecodePointer...pK.........4.....G.?...........4.G.0.J.(.J.....x.G.(.J.(.G. ..|X|.|....Q|.|.~.|...|`.G..m....G...............G............|...|D.G.....|.G.....<..|....8.G..|.|...|...|..G...G...G..|.|t..|Q|.|..Rx..K..........l%.RSDS..A$.U.D...=..:Q
...d:\package\client\weibo\develop\install\run\DLL Release\symbol\Weibo.pdb.RSDSc.....0A...T........ntdll.pdb.RSDS../..T.M....T.......kernel32.pdb.RSDS..S....C..5x/.......c:\work\common\libcom\trunk\DLL Release\CommonU_VC90.pdb.RSDS..8+...M.....^I.....wsock32.pdb.RSDS._`...)C....!.......ws2_32.pdb.RSDS..Y.a..C.|..3..M....advapi32.pdb.RSDSg\F....B..p....w....rpcrt4.pdb.RSDS..gx\..A.x....=.....secur32.pdb.RSDS.0.{...O..NU.bP.....msvcrt.pdb.RSDSX.I`.w*N............ws2help.pdb.RSDS..,7..nE.{L..>'.....gdi32.pdb.RSDS.A...N.E...G........user32.pdb.RSDS......iG....U..]....msvcr90.i386.pdb.RSDS\.Y....K.D{.$.),....shell32.pdb.RSDS..>HkG-A.....p......shlwapi.pdb.RSDS..N....K.@'
........msvcp90.i386.pdb.RSDS..=.e.\G.I....".....version.pdb.RSDS.:
#5(vB...])7.Q....c:\Users\lcg\Work\Client\common\tinyxml\trunk\DLL Release\tinyxml_VC90.pdb.RSDS:.....pD...5.OI.....dbghelp.pdb.RSDS..g.-$.B....yK).....d:\package\client\weibo\develop\install\run\DLL Release\symbol\RcManager.pdb.RSDSk/.u...O..X..nX]....d:\package\client\weibo\develop\install\run\DLL Release\symbol\DownloadManager.pdb.RSDS.K.J..0K.FH.Z.......d:\Projects\network-develop\net-svn\bin\DLL Release\HttpEngine.pdb.RSDS....)..O....|.:.....wldap32.pdb.RSDSG.[....J...*0.W
....mfc90u.i386.pdb.RSDS....r.YM.I.
O..|....MicrosoftWindowsCommon-Controls-6.0.2600.6028-comctl32.pdb.RSDS&...#.KO..]..q......msimg32.pdb.RSDSu s..6.N..<h........ole32.pdb.RSDS...'...M...L...R....c:\Users\lcg\Project\common\upgrade\develop\branchs\ForWeibo_base_on_1_0_0_1\src\UpdateClient\dll release\WeiboUpgrade_VC90.pdb.RSDSf.RZ.#cJ.=..........d:\sina\client\common\IconMagr.dll\trunk\DLL Release\IconMagr_VC90.pdb.RSDS..kI.,.F.n..o8.5%...d:\project\sina\client\skin\develop\trunk\bin\DLL Release\UIFrame_VC90.pdb.RSDS....2.SA.z.4.w.Q....imm32.pdb.RSDSH.N....G..=,...?....oleaut32.pdb.RSDS.XW..|.N.s,e..w.....gdiplus.pdb.RSDS.peK.,.E..Ai.8^.....lpk.pdb.RSDSR).....F....k.nk....usp10.pdb.RSDS0.....gG.......F....uxtheme.pdb.RSDSL./...VE..."...f....msctf.pdb.RSDS_.HtNE.L...M........msctfime.pdb.RSDS.....+NH.Y..@tm+....d:\sina\client\common\Core.dll\trunk\DLL Release\AppCore_VC90.pdb.RSDS.#3....H.:..........rsaenh.pdb.RSDS...XH..F....q.f.....d:\package\client\weibo\develop\install\run\DLL Release\symbol\Resource.pdb.RSDS..].!6AI.w.B.r.-....d:\package\client\weibo\develop\install\run\DLL Release\symbol\fsmNetwork.pdb.RSDS...zRQ.K..b...1.....d:\project\sina\client\common\UserInfoCollection\DLL Release\UserInfoCollection_VC90.pdb.RSDS(}g...mC............d:\project\sina\client\common\libIPC\DLL Release\libIPC_VC90.pdb.RSDS...G...O.....LH.....d:\package\client\weibo\develop\install\run\DLL Release\symbol\WeiboSDK_VC90.pdb.RSDSs...?..L......D.....iphlpapi.pdb.RSDS......8K...p].9.....wininet.pdb.RSDS.C.=.OkD..u.a_......crypt32.pdb.RSDS1
../.nI.H..........msasn1.pdb.RSDS*.....7L...HH.I.....d:\Projects\network-develop\net-svn\bin\DLL Release\xmppCore_vc90.pdb.RSDS..y<le.I.N.^h.H)....d:\package\client\weibo\develop\install\run\DLL Release\symbol\DataCache.pdb.RSDS..W...
E............d:\package\client\weibo\develop\install\run\DLL Release\symbol\WeiboPolicy.pdb.RSDS..bm>..C..N...G)....d:\package\client\weibo\develop\install\run\DLL Release\symbol\Theme.pdb.RSDS..B|...B..S.l.......d:\package\client\weibo\develop\install\run\DLL Release\symbol\FileTransfer.pdb.RSDS
......N..6+........d:\Projects\network-develop\net-svn\bin\DLL Release\gt.filetrans_vc90.pdb.RSDS...p..KO.6.E..k.....d:\package\client\weibo\develop\install\run\DLL Release\symbol\MsgBox.pdb.RSDS.......@.HU.[.......winmm.pdb.RSDS...!I^DN...8]..g....d:\package\client\weibo\develop\install\run\DLL Release\symbol\Setting.pdb.RSDS.~O..._E......m.....d:\package\client\weibo\develop\install\run\DLL Release\symbol\MainPage.pdb.RSDS.]~.o.]H.......3....d:\package\client\weibo\develop\install\run\DLL Release\symbol\PictureViewer.pdb.RSDS.oj..paN....m.......comdlg32.pdb.RSDS.c.o.fjN...q........d:\package\client\weibo\develop\install\run\DLL Release\symbol\AppMain.pdb.RSDS....J0.O............d:\package\client\weibo\develop\install\run\DLL Release\symbol\Face.pdb.RSDSV..z.hVL.w..ic......d:\package\client\weibo\develop\install\run\DLL Release\symbol\IMAppCore.pdb.RSDS1.*{...O.?.NR.(Y....d:\package\client\weibo\develop\install\run\DLL Release\symbol\wWindows.pdb.RSDS...S.i.M............riched20.pdb.RSDS... e.zL....._@[....d:\package\client\weibo\develop\install\run\DLL Release\symbol\IMData.pdb.RSDS.c...G.F..)&...1....d:\package\client\weibo\develop\install\run\DLL Release\symbol\weibo.TC.pdb.RSDS..A.N.eO.?...C.*....d:\package\client\weibo\develop\install\run\DLL Release\symbol\TrayMsg.pdb.RSDSZh.`...H....2."d....d:\package\client\weibo\develop\install\run\DLL Release\symbol\MultiUserChat.pdb.RSDS..=ik].G.@^..TA.....d:\package\client\weibo\develop\install\run\DLL Release\symbol\MediaPlayer.pdb.RSDS.=...e.M..:.........D:\sina\client\media\develop\trunk\bin\Release\MediaCore_VC90.pdb.RSDS.].l...N.Ej...8C....i:\install_v2\src\ikuacc\build\bin\ikutm.pdb.RSDS..d.N..E..cM,y.f....mswsock.pdb.RSDS+,3.n..B.....N.q....HNetCfg.pdb.RSDS`R...?m@.R.....r....wshtcpip.pdb.RSDS......TO.......A....dnsapi.pdb.RSDS=......N..@...{.....D:\package\client\weibo\develop\install\run\DLL Release\symbol\WBrowser.pdb.RS......................c...............c.........L...........~..w....................@.g.@.g.....@.g.........@.g.@.g.@.g...................................c......................0c..'............................b.................(lc.H...........<...(...
.....................................................................b.....,.c.....,.c.............................................X.c.....................
.................c.............................................(.e.....@lc..H.......................................................................................................................................
c...........................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e......................................................................................................................N........................................c.........................P.....................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e.........................................................................................................
...
.................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................................................................................c...............................................................................................................................................................c.................................@.g.........._c.....................
.....c.....................
...._c.....................
.........b.............t.e...............................................................................................c.................................@.g.........._c.....................
修复方案：

不懂对程序分析不会。
版权声明：转载请注明来源 wdlei@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略
忽略时间：2012-05-17 21:59
WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-07020

漏洞标题：新浪微博桌面音乐盒设计缺陷导致崩溃

相关厂商：新浪

漏洞作者： wdlei

提交时间：2012-05-12 21:58

修复时间：2012-05-17 21:59

公开时间：2012-05-17 21:59

漏洞类型：设计错误/逻辑缺陷

危害等级：低

自评Rank：5

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 wdlei@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2012-07020

漏洞标题：新浪微博桌面音乐盒设计缺陷导致崩溃

相关厂商：新浪

漏洞作者： wdlei

提交时间：2012-05-12 21:58

修复时间：2012-05-17 21:59

公开时间：2012-05-17 21:59

漏洞类型：设计错误/逻辑缺陷

危害等级：低

自评Rank：5

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2012-07020"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 wdlei@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：
