Vulnerabilidad en ASN.1 permite la ejecución remota de código
|
Clasificación de la vulnerabilidad
|
Propiedad |
Valor |
Nivel de Confianza |
Oficial |
Impacto |
Compromiso Root |
Dificultad |
Principiante |
Requerimientos del atacante |
Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema
|
Propiedad |
Valor |
Fabricant afectat |
Microsoft |
Software afectado |
Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition |
Descripción
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en la librería de Microsoft ASN.1. La explotación de esta vulnerabilidad permitiría a un atacante remoto la ejecución de código en la máquina afectada con privilegios de SYSTEM. |
Solución
|
Actualización de software
Microsoft Windows NT
Microsoft Windows NT Workstation 4.0 Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=92400199-B3D5-4826-98D4-F134849F5249
Microsoft Windows NT Server 4.0 Service Pack 6a
http://www.microsoft.com/downloads/details.aspx?FamilyId=E8315430-90CD-4B20-8F54-58527932B588
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
http://www.microsoft.com/downloads/details.aspx?FamilyId=D83B39D3-FF13-4D0B-B406-A225AED0D659
Microsoft Windows 2000
Microsoft Windows 2000 Service Pack 2, 3, 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=191853C4-A4D2-4797-A8C6-A2E663A53698
Microsoft Windows XP
Microsoft Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE-48E9-ACD0-1343D89CCBBA
Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CC30297-D4AE-48E9-ACD0-1343D89CCBBA
Microsoft Windows XP 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318-4AD5-9C2C-0577118A1E68
Microsoft Windows XP 64-Bit Edition Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=383C397F-9318-4AD5-9C2C-0577118A1E68
Microsoft Windows XP 64-Bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1-4B5F-958F-E178C3F61F7C
Microsoft Windows XP 64-Bit Edition Version 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1-4B5F-958F-E178C3F61F7C
Microsoft Windows Server 2003
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D7FFFF9-A497-42FF-90E7-283732B2E117
Microsoft Windows Server 2003 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=FA280168-66E1-4B5F-958F-E178C3F61F7C |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CAN-2003-0818 |
BID |
NULL |
Recursos adicionales
|
Microsoft Security Bulletin MS04-007
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-007.asp
eEye Advisory: Microsoft Windows ASN.1 Library Length Overflow
http://www.eeye.com/html/Research/Advisories/AD20040210.html
eEye Advisory: Microsoft Windows ASN.1 Library Bit String
http://www.eeye.com/html/Research/Advisories/AD20040210-2.html |