Vulnerability Bulletins |
Ejecución de código en Step-by-Step Interactive Training |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software | Step-by-Step Interactive Training |
Description |
|
|
Se ha descubierto una vulnerabilidad en Step-by-Step Interactive Training de Microsoft Windows 2000 SP4, XP SP2 y Professional y en Server 2003 SP1. La vulnerabilidad reside en un error no especificado. Un atacante remoto podría ejecutar código arbitrario mediante una lista de vínculos de marcador especialmente construida. Es una vulnerabilidad diferente a la del CVE-2005-1212. |
|
Solution |
|
|
Actualización de software Microsoft Step-by-Step Interactive Training / Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=128c57af-663a-4476-92f5-aab394cfc91a Step-by-Step Interactive Training / Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=128c57af-663a-4476-92f5-aab394cfc91a Step-by-Step Interactive Training / Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=e268ffd5-295c-45f7-afd1-60007e791f8c Step-by-Step Interactive Training / Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=128c57af-663a-4476-92f5-aab394cfc91a Step-by-Step Interactive Training / Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=128c57af-663a-4476-92f5-aab394cfc91a Step-by-Step Interactive Training / Microsoft Windows Server 2003 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=5eeedd28-47a5-4b30-a913-c1150330ecbe Step-by-Step Interactive Training / Microsoft Windows Server 2003 SP1 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=5eeedd28-47a5-4b30-a913-c1150330ecbe Step-by-Step Interactive Training / Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=2760120e-96b2-42b2-b5df-6322c9385729 |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-3448 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS07-005 http://www.microsoft.com/technet/security/bulletin/ms07-005.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-02-15 |