Vulnerability Bulletins |
Ejecución de código en Microsoft Word |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Word 2000 Word 2002 Word 2003 Word Viewer 2003 Word 2004 v. X / Mac Works 2004, 2005, 2006 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Word. La vulnerabilidad reside en error no especificado en el manejo de documentos Word. Un atacante remoto podría ejecutar código arbitrario mediante archivos Word especialmente construidos. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Office 2000 Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=F1E61E6A-BE3D-4536-AF76-A11D5CE67199 Microsoft Office XP Service Pack 3 http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Word 2003 http://www.microsoft.com/downloads/details.aspx?FamilyID=882F8503-DA72-43C9-B556-A002EC58F289 Microsoft Word Viewer 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=FB59798B-AFE2-4103-9991-CBDD7686F9AD Microsoft Works Suite 2004 http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Works Suite 2005 http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Works Suite 2006 http://www.microsoft.com/downloads/details.aspx?FamilyId=A1CA8DD7-0622-4D66-A85F-A6586545EF9D Microsoft Office 2004 for Mac http://www.microsoft.com/mac/ |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-5994 |
| BID | |
Other resources |
|
|
Microsoft Security Advisory (929433) http://www.microsoft.com/technet/security/advisory/929433.mspx Microsoft Security Bulletin MS07-014 http://www.microsoft.com/technet/security/Bulletin/MS07-014.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-12-07 |
| 2.0 | Exploit público disponible | 2006-12-29 |
| 2.1 | Aviso emitido por Microsoft (MS07-014) | 2007-02-15 |