Vulnerability Bulletins |
Ejecución de código arbitrario en Microsoft Object Packager |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows XP SP1 Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium Microsoft Windows Server 2003 x64 |
Description |
|
Se ha descubierto una vulnerabilidad en Microsoft Windows XP SP1 y SP2 y Server 2003 SP1 y anteriores. La vulnerabilidad reside en un error en Windows Object Packager que no maneja correctamente ciertas extensiones de fichero. Un atacante remoto podría ejecutar código arbitrario mediante un fichero especialmente diseñado. La vulnerabilidad se conoce como "Object Packager Dialogue Spoofing Vulnerability". |
|
Solution |
|
Actualización de software Microsoft Microsoft Windows XP SP1 Microsoft Windows XP SP2 http://www.microsoft.com/downloads/details.aspx?FamilyId=86c2b78e-53bf-4ddd-88f6-5d12c6d18c90 Microsoft Windows XP Professional x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=2ac72356-7772-41b6-b4a6-7215c89f7347 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=e2f5b9f9-4481-44f9-9aef-1af0afae8319 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=8c9a22a6-bd61-4fd4-9aa4-012d745046da Microsoft Windows Server 2003 x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=ec4f4f72-8467-4964-ad28-ed9ea7562e0b |
|
Standar resources |
|
Property | Value |
CVE | CVE-2006-4692 |
BID | |
Other resources |
|
Microsoft Security Bulletin (MS06-065) http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2006-10-13 |