Boletines de Vulnerabilidades |
Ejecución de código arbitrario en MDAC de Microsoft Windows |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Principiante |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricant afectat | Microsoft |
| Software afectado |
Microsoft Data Access Components 2.5 <= SP3 Microsoft Data Access Components 2.7 <= SP1 Microsoft Data Access Components 2.8 <= SP2 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Windows. La vulnerabilidad reside en el control ActiveX RDS.Dataspace que es parte de ActiveX Data Objects (ADO) y se distribuye con MDAC. Un atacante remoto podría ejecutar código arbitrario. |
|
Solución |
|
|
Actualización de software Microsoft Microsoft Windows XP SP1 / Microsoft Data Access Components 2.7 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=2F9E772C-8122-4027-A117-E93227B2C79F Microsoft Windows XP SP2 / Microsoft Data Access Components 2.8 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=2F9E772C-8122-4027-A117-E93227B2C79F Microsoft Windows XP Professional x64 Edition / Microsoft Data Access Components 2.8 SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=9C8B645D-0F01-4B79-B6B3-55279BEDB944 Microsoft Windows Server 2003 / Microsoft Data Access Components 2.8 http://www.microsoft.com/downloads/details.aspx?FamilyId=39B29ED4-9B95-4593-BCB6-4BB03CA5F8F1 Microsoft Windows Server 2003 SP1 / Microsoft Data Access Components 2.8 SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=39B29ED4-9B95-4593-BCB6-4BB03CA5F8F1 Microsoft Windows Server 2003 Itanium / Microsoft Data Access Components 2.8 http://www.microsoft.com/downloads/details.aspx?FamilyId=4D2FE426-E34E-4192-8A0F-35E440E948E2 Microsoft Windows Server 2003 SP1 Itanium / Microsoft Data Access Components 2.8 SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=4D2FE426-E34E-4192-8A0F-35E440E948E2 Microsoft Windows Server 2003 x64 Edition / Microsoft Data Access Components 2.8 SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=E237C2C7-9819-437B-AB70-298BA62AC285 Windows 2000 SP4 / Microsoft Data Access Components 2.5 SP3 http://www.microsoft.com/downloads/details.aspx?FamilyId=1B3E6CB9-1EF2-4BA1-A2F2-F87B717372FB Windows 2000 SP4 / Microsoft Data Access Components 2.7 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=0AA7C8B7-8417-42D8-8E73-5466C03B8C65 Windows 2000 SP4 / Microsoft Data Access Components 2.8 http://www.microsoft.com/downloads/details.aspx?FamilyId=2494B25D-452F-4025-8B67-41A5C840F7E2 Windows 2000 SP4 / Microsoft Data Access Components 2.8 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=7358DA31-959C-4E3E-8115-51DC6D441365 Windows XP SP1 / Microsoft Data Access Components 2.8 http://www.microsoft.com/downloads/details.aspx?FamilyId=2494B25D-452F-4025-8B67-41A5C840F7E2 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2006-0003 |
| BID | |
Recursos adicionales |
|
|
Microsoft Security Bulletin (MS06-014) http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx |
|
Histórico de versiones |
||
| Versión | Comentario | Data |
| 1.0 | Aviso emitido | 2006-04-12 |
| 2.0 | Exploit público disponible | 2006-07-24 |