Vulnerability Bulletins |
Ejecución de código mediante objetos OLE en Windows en componentes MFC |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 / Itanium-based Systems Microsoft Windows Server 2003 SP1 / Itanium-based Systems Microsoft Windows Server 2003 x64 Edition Microsoft Visual Studio .NET 2002 Microsoft Visual Studio .NET 2002 Service Pack 1 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio .NET 2003 Service Pack 1 |
Description |
|
|
Se ha descubierto una vulnerabilidad en el componente MFC en Microsoft Windows 2000 SP4, XP SP2 y en 2003 SP1 y en Visual Studio .NET 2000, 2000 SP1, 2003, y en 2003 SP1. La vulnerabilidad reside en un error no especificado. Un atacante remoto podría ejecutar código arbitrario mediante un archivo RTF que contenga un objeto OLE especialmente diseñado que provocaría una corrupción de memoria. |
|
Solution |
|
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=d6577f1f-0d9e-4856-b1d6-7e27657a3620 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=84ae4c62-89ae-410a-b34b-471e3c09ce98 Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=54e0dc33-6bad-476c-b4cf-b833d591aaad Microsoft Windows Server 2003 http://www.microsoft.com/downloads/details.aspx?FamilyId=934ca609-d6bc-4bf0-8233-969eb43d48bb Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?FamilyId=934ca609-d6bc-4bf0-8233-969eb43d48bb Microsoft Windows Server 2003 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=67f52e93-cd57-4852-b838-a958ab9b23fb Microsoft Windows Server 2003 SP1 / Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?FamilyId=67f52e93-cd57-4852-b838-a958ab9b23fb Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?FamilyId=f2ca9de9-f69e-4e34-9aa9-0b320d670e04 Microsoft Visual Studio .NET 2002 (KB924641) http://www.microsoft.com/downloads/details.aspx?FamilyId=711F05A8-CD67-4702-B079-3FF79A3AB4DE Microsoft Visual Studio .NET 2002 Service Pack 1 (KB924642) http://www.microsoft.com/downloads/details.aspx?FamilyId=124F2D2D-8CF3-47F3-A8FD-24A9FACF4FA4 Microsoft Visual Studio .NET 2003 (KB924643) http://www.microsoft.com/downloads/details.aspx?FamilyId=A05CE727-C5B5-4022-B7A0-D8861CE99209 Microsoft Visual Studio .NET 2003 Service Pack 1 (KB927696) http://www.microsoft.com/downloads/details.aspx?FamilyId=1DD6D8E7-390B-4E02-9F16-AB9D5EF7792E |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2007-0025 |
| BID | 22476 |
Other resources |
|
|
Microsoft Security Bulletin MS07-012 http://www.microsoft.com/technet/security/bulletin/ms07-012.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-02-16 |